Data  security  plague 

Retailers  tell  tales  of  woe  about  their  battles  with 
online  hackers  and  would-be  data  thieves.  PAGE  8. 


Air-traffic  controllers 

In  this  Clear  Choice  test,  we  evaluate  new  tools  for 
detecting  Wi-Fi  and  Bluetooth  noise  sources.  PAGE  50. 


Introducing  ITVideo 

Check  out  our  two  new  online  video  features  -  Network 
World  Hot  Seat  and  Cool  Tools.  Details  on  PAGE  6  and  at 
www.networkworld.com/video 
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Microsoft's  ‘Live’  plan 
short  on  business  apps 


Web  hosting  costs  soar 


Cost  savings  primary  motivator 

Customers  cite  top  reasons  for  Web  hosting. 


Reasons  (respondents  were  asked  to  name  three) 


24/7  IT  support  1®  Improved  backup/redundancy 

Improved  site  security  ■■  Speed  of  implementation 

Improved  site  performance/scalability  source:  idc 


BY  JOHN  FONTANA 

Microsoft  jumped  into  the  soft- 
ware-as-a-service  game  last  week, 
but  conspicuously  absent  was  a 
strategy  to  develop  corporate- 
focused  services. 

Microsoft’s  unveiling  of  Win¬ 
dows  Live  and  Office  Live,  which 
ironically  have  nothing  to  do  with 
offering  Windows  or  Office  as  ser- 

Hot  services 


vices,  was  little  more  than  a  re¬ 
branding  of  MSN  consumer  ser¬ 
vices  already  available  or  under 
development,  according  to 
observers.  The  company  also  un¬ 
veiled  its  plans  for  early  2006  to 
release  business  services  linked 
to  internal  deployments  of  Office 
and  targeted  at  companies  with 
See  Microsoft,  page  16 


Heavy  demand 
puts  customers 
on  waiting  lists 
in  some  cities. 

BY  CAROLYN  DUFFY  MARSAN 

When  it  comes  to  the  Web  host¬ 
ing  market,  what  a  difference  two 
years  makes. 

In  2003,  Northern  Virginia, 
Silicon  Valley  and  Dallas  were 
among  the  areas  littered  with 
mothballed  Internet  data  centers, 
as  carriers  such  as  Exodus,  Cable 
&  Wireless  and  Sprint  exited  the 
hosting  and  collocation  markets 
after  the  dot-com  bust. 

Today,  service  providers  includ¬ 
ing  Equinix,  Sawis  Communica¬ 
tions,  AT&T  and  MCI  are  snap¬ 
ping  up  these  empty  facilities, 
retrofitting  them  with  today’s 
power-hungry  Internet  servers 
and  reopening  them  to  meet  sky¬ 


rocketing  corporate  demand  for 
hosting.  This  call  for  floor  space 
and  services  at  carrier  data  cen¬ 
ters  and  the  accompanying 
price  increases  are  being  driven 
by  corporate  efforts  to  improve 


disaster  recovery  and  regulatory 
compliance. 

“If  a  company  looked  at  out¬ 
sourcing  two  or  three  years  ago,  it 
was  a  buyers’  market.  Now  space 

See  Web  hosting,  page  14 


A  recent  survey  by  I  DC  shows  the  10  most  popular  types  of 
software  being  reviewed  or  purchased  in  the  software-as-a- 
service  or  on-demand  model; 


1  Payroll 

6  Workforce  management 

2  Accounting 

7  Messaging 

3  Intrusion  detection 

8  Salesforce  automation 

4  Web  conferencing 

9  Human  resources 

5  Development  tools 

10  Group  software  (Microsoft  Exchange  or  Lotus  Notes) 

Botnets  getting  nastier 


public  enemy 

Last  week’s  arrest  of  a  California 
man  on  charges  that  he  exploited 
thousands  of  hijacked  computers 
to  generate  spam  and  damage 
systems  is  the  latest  evidence  of 
the  menace.  Authorities  say  that 
See  Bots,  page  12 


BY  ELLEN  MESSMER 

Software  robots  —  bots  —  that 
invade  computers  so  an  attacker 
can  covertly  control  them  have 
existed  for  at  least  two  decades. 
Today,  however,  their  prolifera¬ 
tion,  sophistication  and  criminal 
use  are  making  them  a  top 


*  WiderNet 


An  unseemly  marriage 


Porn  sites  and  spyware 
go  hand  in  hand  on  the  Web. 


BY  ANN  BEDNARZ 

Spyware  used  to  worm  its  way 
into  PCs  when  users  tried  to 
download  a  free  utility  such  as 
a  screen  saver,  and  wound  up  with  an 
unexpected  bonus  after  agreeing  to 
the  distributor’s  license  agreement. 

Today  most  spyware  infiltrations  follow  a 
different  course:  Users  browsing  the  Web  unknowingly  launch 
“drive-by”  downloads  as  they  peruse  sites  affiliated  with  spyware 

See  Spyware,  page  68 


OAN  VASCONCEllOS 


A  Service  Managing  7  Million  Transactions  a  Day. 

Running  on  Microsoft  SQL  Server  2005. 


-  - 


■ 

-  >  •;  -  .  '  •  • 

", _ j_  . .  j 

\..U  u. 

. 

..  !i 

Your  potential.  Our  passion. 

Microsoft 


How  does  Xerox  Global  Services  manage  millions  of  office  devices  for  its  customers? 
Their  largest  application  runs  on  new  SQL  Server™  2005  64-bit  running  on  Windows 
Server™  2003,  which  provides  99.999%  uptime*  See  how  at  microsoft.com/bigdata 


Microsoft* 

Windows 
Server  System 


wT  »i«ti  JF 

>~—L 

*  ■ 

fcl  >■:■>■■■>  ■ 

i 

■> .  ij 

~T<  *r 

V 

1  .  (  B 

mim 

-m,  «-*« 

Jk  S  - 

#  • 

'  e 

!?  5* '  ‘  m:} 

i  1 

AT&T 


and 

MASTERCARD* 


Can  your 
network 
reward 
loyalty? 


IMPROVE  CUSTOMER  RELATIONSHIPS.  When  MasterCard  wanted 
to  reward  cardholders  around  the  globe,  they  signed  up  with  the 
world’s  networking  company.  Now,  with  intelligent,  end-to-end 
networking  solutions  from  AT&T,  MasterCard  can  track  and 
deliver  customer  rewards  right  over  the  network.  As  a  result, 
MasterCard  can  help  banks  distribute  airline  tickets, 
merchandise,  gift  cards  and  financial  services  to  enable  increased 
activation  and  usage.  Not  to  mention  the  kind  of  customer 
loyalty  that  money  just  can’t  buy.  CAN  YOUR  NETWORK  DO  THIS? 
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AT&T  : 

The  world's  networking  company® 


To  find  out  how  AT&T’s  networking  solutions 
;  helped  MasterCard  transform  its  business,  go  to: 

att.com/reward 

'  •  ..©2005  AT&T 
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The  Palm  TX  handheld  com¬ 
bines  business  and  consumer 
features.  Page  42. 


Clear  Choice  Test: 

Group  policy  management  tools 


NETWORKWORLD 


NetlQ  wins  our  test  of 
third-party  products  that 
add  functionality  to  Micro¬ 
soft's  Active  Directory  man¬ 
agement  tools.  Page  46. 


The  AirMagnet  Spectrum  Analyzer,  which  monitors 
many  different  wireless  signals,  can  be  used  by  net¬ 
work  engineers  to  scan  airwaves  to  find  interfering 
noise  sources. 

Clear  Choice  Test: 

Air  traffic  controllers 

New  tools  for  detecting  Wi-Fi  interference  and  Bluetooth  noise 
sources.  Page  50. 
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Join  us  as  we  look  back  at  the 
events  of  the  past  10  years  in  net¬ 
working  and  tell  us  where  the  net¬ 
work  is  headed.  DocFinder:  9641 

The  strange  world  of  IT  jargon 

IT  Borderlands'  Ken  Fasimpaur  won¬ 
ders  whether  a  security  advisory 
titled  "Snort  Back  Orifice 
Preprocessor  Buffer  Overflow"  is 
funny  to  anyone  else:  “I  understand 
the  technical  use  of  'Snort'  and 
'Back  Orifice'  here,  and  the  rest  of 
the  language  is  clear  enough  to  a 
technical  person.  Still,  the  phrase  as 
a  whole  borders  on  the  absurd." 

DocFinder:  9642 

Wireless  LAN  Buyer's  Guide 

Online  help  and  advice 

your  peers.  DocFinder:  8121 
Cool  Tools  Daily  Dose 

Columnist  Keith  Shaw  gets  you  the 
info  on  a  1-inch,  4G-byte  external 
USB  hard  drive,  the  new  swiveling 
keypad-equipped  Samsung  phone,  a 
50-inch  plasma  TV  for  under 
S3, 000  and  more.  DocFinder:  9540 

Telework  Beat 

Heavenly  work  sites 
Reporter  Ann  Bednarz  runs  down 
picks  for  idyllic  telecommuting  cities 
to  working  in  cars.  DocFinder:  9645 

Seminars  and  events 

Reality  check  for  your  '06  FT  plans 

Which  innovations  will  have  the  biggest  impact  on  your  network  in  2006? 

Attend  IT  Road  map  '06:  What's  New,  What’s  Next,  and  What  to  Buy  Now. 
Industry  insiders  will  separate  the  hype  from  the  facts  and  figures  you  need 
to  accurately  allocate  your  '06  dollars.  Qualify  to  attend  free  —  and  the 
opportunity  to  win  a  42-inch  plasma  TV  when  you  attend.  DocFinder:  9648 


BREAKING  NEWS 

Go  online  for  breaking  news  every  day.  DocFinder  1001 


Free  e-mail  newsletters 

Sign  up  for  any  of  more  than  40  newsletters  on  key  network  topics. 

DocFinder:  1002 

What  is  DocFinder? 

We’ve  made  it  easy  to  access  articles  and  resources 
online.  Simply  enter  the  four-digit  DocFinder  number  in 
the  search  box  on  the  home  page,  and  you’ll  jump  directly 
to  the  requested  information. 


Home  Base 

Application  cleanup 
Reporter  Sandra  Gittlen  says  take  a 
look  —  you  may  be  surprised 
what's  sitting  on  your  hard  drive. 

DocFinder:  9646 

Small  Business  Tech 

Beware  cybersquatters 
Columnist  James  Gaskin  talks  to  one 
reader  who  learned  a  hard  lesson 
and  sends  a  warning. 

DocFinder:  9647 


Our  continuously  updated  guide 
details  nearly  200  products  and  lets 
you  slice  and  dice  product  info  in  sev¬ 
eral  ways  DocFinder:9643 

Podcast:  Verity  and  enterprise 
search 

Verity  recently  launched  Version  6.0 
of  its  K2  Enterprise  product,  which 
targets  special  applications  that 
require  a  lot  of  heavy  data  lifting. 
Nicole  Eagan,  chief  marketing  officer 
at  Verity,  details  tftA  Please  and  the 
enterprise  search  market  in  general. 
DocFinder:  9644 

2005  Salary  Calculator 

Are  you  making  what  you're  worth? 
Register  free  and  find  out  how  your 
compensation  compares  with  that  of 
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Microsoft  flags  flawed  Internet  Explorer  patches 

■  Two  patches  released  by  Microsoft  earlier  this  year  for  its  Internet  Explorer  brows¬ 
er  may  cause  some  Web  sites  to  improperly  load.The  bulletins,  MS05-038  and  MS05- 
052,  removed  “unsafe  functionality”  and  change  how  the  browser  handles  ActiveX 
controls  for  security  reasons,  Stephen  Toulouse,  a  program  manager  in  Microsoft’s 


TheGoodTheBadTheUgly 

Nortfil  gets  its  man.  What's  an  extra  $11.5  million  out 
the  door  when  you  report  a  third  quarter  loss  of  $105  million,  as  Nortel 
did  last  week?  Nortel  has  agreed  to  pay  $11.5  million  as  part  of  a  law¬ 
suit  settlement  with  Motorola  over  the  Nortel's  recent  hiring  of  Mike 
Zaifiovski,  formerly  Motorola's  president  and  COO.  Motorola  had  cited 
non-compete  agreements  in  filing  the  suit. 


security  unit,  wrote  last  week  on  the  Microsoft  Security  Center  Response  blog.  After 
installing  MS05-038,  first  published  Aug.  9  on  the  Microsoft  Download  Center,  Web 
pages  containing  Component  Object  Model  (COM)  objects  called  monikers  may 
not  work  as  expected.  MS05-052,  published  Oct.  1 1 ,  added  an  additional 
check  for  a  specific  interface  for  ActiveX  controls  before  allowing  a  COM 
object  to  run  in  Internet  Explorer.  But  it  also  blocks  some  Web  pages  con¬ 
taining  ActiveX  controls,  Microsoft  said.  Users  who  are  missing  certain  reg¬ 
istry  subkeys  also  may  experience  problems  with  this  patch,  Microsoft 
said.  Instructions  for  the  two  possible  problems  with  MS05-052  can  be 
found  at  www.networkworld.com,  DocFinders:  9649  and  9650. 


Ddl  miSSCS  again.  Dell’s  run  as  the  financial  darling  of 
the  technology  world  may  have  come  to  an  end  last  week  as  the  com¬ 
pany  announced  it  would  miss  its  quarterly  revenue  target  for  the  sec¬ 
ond-straight  period.  Gordon  Haff,  principal  analyst  with  consultancy 
llluminata,  said:  “Dell  has  had  a  really  good  run  selling  essentially  cook¬ 
ie-cutter  rack-mount  servers.  But  the  era  of  solving  problems  by  just 
buying  more  boxes  is  coming  to  a  close." 

<  Sticking  it  to  Solaris. 

Self-described  IT  bozo  Robert  Leftkowitz 
poked  fun  at  the  open  source  industry  dur¬ 
ing  a  presentation  at  the  Open  Source 
Business  Conference  called  “What's  Wrong 
with  Open  Source?"  At  one  point  he  started 
ticking  off  technologies  that  become  open 
source  offerings  after  failing  commercially. 
Then  popped  up  a  slide  on  OpenSolaris.  "Just 
joking,"  he  said. 


Oracle  loses  CFO . . .  again 

■  Oracle  has  lost  its  second  CFO  this  year.The  company 
said  last  week  that  Greg  Maffei  will  leave  later  this 
month.“Greg  has  told  us  he’s  looking  at  a  terrific  profes¬ 
sional  opportunity’ said  Oracle  CEO  Larry  Ellison  in  a 
written  statement.  Former  Microsoft  executive  Maffei 
spent  just  four  months  at  Oracle  after  joining  the  com- 


HETWOBKWOBLD 


Introducing  Network  World  ITVideo,  your  source  for 
interactive  news.  We’re  launching  with  two  weekly 
series  designed  to  keep  you  in  the  loop,  each  of 
which  require  no  more  than  5  minutes  of  your  time: 

•  The  Network  World  Hot  Seat, 

in  which  President  and  Editorial 
Director  John  Gallant’s  pointed 
questions  get  candid  answers  from 
industry  luminaries  and  vendor 
executives.  First  up, Tom  Burkardt,  chairman,  CEO 
and  president  of  BlueNote  Networks. 

•  And  Cool  Tools,  where  Senior 
Editor  of  Product  Testing  Keith 
Shaw  tests  and  rates  the  latest 
gizmos  so  you  don't  have  to.  Shaw 
first  looks  at  the  Sony  VaioT350P 
laptop  equipped  to  support 
Cingular’s  Edge  wireless  broadband  network. 

Log  on  to  www.networkworld.com/vldeo 
for  your  first  taste. 


pany  in  late  June.  He  replaced  Harry  You, 
who  left  Oracle  in  March  after  eight  months.You  depart¬ 
ed  to  take  over  as  CEO  of  services  company 
BearingFbint.  Oracle’s  CFO  position  has  become  a 
revolving  door  since  longtime  CFO  Jeff  Henley  vacated 
the  office  in  2004  to  become  Oracle’s  chairman.  Oracle 
said  that  Co-president  Safra  Catz  will  take  over  CFO 
duties,  as  she  did  following  You’s  departure.  Oracle 
intends  for  Catz  to  permanently  fill  the  job  and  is  not 
conducting  a  search  for  a  new  CFO,  a  company  spokes¬ 
woman  said. 

Firefox  upgrade  available  to  test 

■  The  Mozilla  Foundation  last  week  released  a  test 
preview  of  the  next  version  of  the  Firefox  browser, 
demonstrating  the  upcoming  release’s  improved  pop¬ 
up  blocking,  enhanced  navigation  and  added  support 
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“It's  looking  like  software  is 
an  endangered  species  at 
Microsoft.The  implication  of 
‘Windows  Live’  is  that  their 
existing  offering  is 
‘Windows  Dead.’” 

Marc  Benioff,  Salesforce.com  CEO,  reacting  to  Microsoft's  “ Live 
Software”  announcement  Noo.  1. 


NOAH  JONES 


for  Web  standards.  Mozilla  Firefox  1.5  Release 
Candidate  1  is  available  now  so  testers  can  make  fixes 
before  the  final  code  is  released,  according  to  infor¬ 
mation  on  the  Mozilla  Web  site.  Firefox  1.5  should  be 
available  in  full  release  before  year-end,  with  one  more 
preview  to  be  made  available  as  early  as  Nov.  11  if 
feedback  from  Release  Candidate  1  is  positive,  accord¬ 
ing  to  the  Mozilla  Web  site.  New  features  include  a  bet¬ 
ter  system  for  updating  software,  faster  navigation 
using  the  Back  and  Forward  tabs,  and  a  redesigned 
Options/Preferences  window  that  increases  the  num¬ 
ber  of  category  icons  and  moves  them  from  the  left 
side  of  the  window  to  the  top. 

International  ’Net  oversight  opposed 

■  Business  and  government  officials  were  united  last 
week  in  opposition  to  recent  proposals  to  create  an 
international  Internet  governing  body  saying  it  could 
slow  innovation  and  limit  online  choices.  Proposals  to 
establish  this  body  and  take  away  the  administration  of 
the  Internet’s  top-level  Domain  Name  System  from  the 
nonprofit  Internet  Corporation  for  Assigned  Names  and 
Numbers  (ICANN)  would  open  the  Internet  to  the  polit¬ 
ical  whims  of  governments,  said  Rick  Lane,  vice  presi¬ 
dent  of  government  affairs  at  News  Corp.,a  media  com- 
panyThat  is  one  of  our  concerns:  that  all  of  a  sudden, 
politics  that  have  nothing  to  do  with  ICANN  start  trick¬ 
ling  into  . . .  how  the  Internet  is  being  run,”  said  Lane, 
speaking  at  a  forum  about  the  upcoming  World  Summit 
on  the  Information  Society.  The  European  Union  in 
September  called  for  an  international  governing  body 
for  the  Internet  and  a  reduced  role  for  ICANN,  created  in 
1998  by  the  U.S.  Department  of  Commerce. 


Spam,  spyware,  and  virus  protection  at  an  affordable  price 


•  No  per  user  license  fees 

•  Prices  starting  at  $1399 

•  Powerful,  enterprise-class  solution 
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Security  plagues  retailers 


Security  vendors 
address  spyware 


BY  TIM  GREENE 

Check  Point,  Blue  Coat  Systems 
and  start-up  GraniteEdge  Security 
are  this  week  introducing  prod¬ 
ucts  that  address  differing  net¬ 
work  threats  ranging  from  spy- 
ware  to  zero-day  attacks. 

Check  Point  Software  is  adding 
anti-spyware  capabilities  to  its  In¬ 
tegrity  software,  which  scans  re¬ 
mote  machines  for  compliance 
with  network  security  policies. 
Adding  anti-spyware  to  Integrity 
may  appeal  to  businesses  that 
want  a  software  package  that  pro¬ 
tects  individual  PCs  rather  than 
one  that  requires  buying  separate 
products  from  multiple  vendors, 


Corrections 


■The  story  “Kane  County  con¬ 
verges  to  clean  up  network  prob¬ 
lems"  (Oct.  31,  page  21)  should 
have  stated  that  the  county  uses 
an  IBM  ES9000  mainframe.  Also 
the  county  used  dark  fiber  to  con¬ 
nect  Geneva  and  St.  Charles. 

■  In  the  Cool  Tools  column  (Oct. 

31,  page  44)  the  URL  should  have 
been  listedls  www.slowlbods.com. 


says  Rob  Whiteley  an  analyst  with 
Forrester  Research. 

The  company  also  is  introduc¬ 
ing  a  service  that  updates  the  spy- 
ware  signature  files  in  Integrity 
Check  Point  draws  on  a  network 
of  cooperating  customers  that 
allows  the  company  to  gather 
data  about  spyware  and  add  new 
finds  to  its  database. 

The  update  service  is  priced  on 
numbers  of  users;  for  example,  it 
costs  $9,250  for  1,000  users.  The 
anti-spyware  software  is  pack¬ 
aged  with  Integrity  6.5. 

To  protect  networks  from 
attacks  coming  in  through  SSL 
connections,  Blue  Coat  is  re¬ 
leasing  software  for  its  ProxySG 
appliance.  It  lets  network  secu¬ 
rity  staff  peer  into  encrypted 
SSL  traffic  generated  from  with¬ 
in  business  networks  to  block 
access  to  unauthorized  sites 
and  to  prevent  SSL  links  from 
becoming  conduits  for  viruses 
or  worms. 

For  example,  the  state  of  Dela¬ 
ware  uses  the  software  to  check 
that  SSL  sessions  inside  its  net¬ 
work  are  not  allowing  inappropri¬ 
ate  content,  says  Glenn  Wright,  a 
See  Security,  page  16 


BY  ANN  BEDNARZ 

CHICAGO  —  Within  24  hours  of 
telling  the  public  about  a  data 
leak  earlier  this  year,  ChoicePoint 
lost  Wall  Street’s  confidence  and 
gained  unwanted  attention  from 
would-be  hackers  and  thieves. 

ChoicePoint’s  market  capitaliza¬ 
tion  plummeted  $300  million,  and 
the  number  of  exploratory  pings 
aimed  at  its  servers  jumped  from 
100,000  to  a  couple  of  million 
overnight,  said  Marty  Smith,  the 
company’s  business  information 
officer  and  chief  architect.  The 
company  is  still  under  federal  in¬ 
vestigation  about  the  breach  and 
is  battling  financially.  Smith  laid 
out  his  company’s  landscape  to 
an  audience  of  IT  executives  at 
the  Retail  Data  Security  Forum, 
held  last  week  at  Marshall  Field’s 
department  store  in  Chicago. 

Data  broker  ChoicePoint  han¬ 
dles  more  than  17  billion  con¬ 
sumer  records.  Its  services 
include  providing  data  for  ident¬ 
ity  verification,  pre-employment 
screening,  insurance  underwrit¬ 
ing  and  asset  location.  The 
Alpharetta,  Ga.,  company  esti¬ 
mates  that  about  145,000  con¬ 
sumers  may  have  had  their  per¬ 
sonal  information  exposed  when 
scammers  fraudulently  obtained 
access  to  its  data. 


Secuijg  data  stores 

Brian  Kilcourse,  chief 
strategist  at  Retail  Systems 
Alert  Group,  recommends 
these  three  tactics  for 
keeping  tighter  rein  on 
consumer-specific  data. 

•  Control  ad-hoc  queries  of  the  data. 

•  Encrypt  consumer-specific 
information  inside  databases. 

•  Capture  forensic  data  related  to  the 
creation,  retrieval  and  updating  of 
consumer-specific  data. 

ChoicePoint  publicly  disclosed 
the  data  breach  in  February 
Criminals  had  set  up  dozens  of 
fraudulent  accounts  with  Choice- 
Point  by  posing  as  legitimate  busi¬ 
nesses  needing  consumer  data. 

In  Chicago,  Smith  talked  about 
the  costs  and  risks  associated  with 
security  breaches,  and  the  types  of 
data-fraud  schemes  perpetrated 
by  organized-crime  rings  and  indi¬ 
viduals.  Data  criminals  are  after 
any  record  that  associates  the 
name  of  a  party  with  another 
identifier, such  as  a  home  address, 
work  address,  telephone  number, 
Social  Security  number,  place  of 
birth  or  a  description  of  the  per¬ 


son.  “It’s  amazing  to  me  what  little 
information  these  people  need  to 
commit  fraud," he  said. 

There  are  technology-related 
ways  to  mitigate  and  control  data 
breaches  —  from  multi-factor 
authentication  and  real-time 
monitoring  to  honeypots  and 
audit  controls,  Smith  said.  In  addi¬ 
tion,  education  and  awareness 
are  important.  Retailers  should 
use  technology  to  track  patterns 
of  access  and  behavior.  They  also 
should  share  information  about 
known  or  suspected  misuse,  and 
get  involved  with  local  and 
national  legislative  efforts. 

Vigilance  required 

Erik  Goldoff,IT  systems  manager 
at  the  HoneyBaked  Ham  Co., 
stressed  the  need  for  companies 
to  regularly  peruse  system  data, 
such  as  server  logs  and  band¬ 
width  histograms,  to  better  under¬ 
stand  typical  usage  trends. 

“When  a  purse  gets  stolen,  it’s 
gone.  But  when  someone  steals 
your  data,  everything  looks  the 
same  as  it  did  before,  only  some¬ 
one  else  has  a  copy  of  it.” 

Goldoff’s  company  has  hard¬ 
ened  its  IT  assets  against  internal 
and  external  threats  by  locking 
down  desktops.  HoneyBaked 
Ham  requires  periodic  password 
changes  and  doesn’t  allow  users 
to  receive  Zip  files  or  install  unau¬ 
thorized  software. 

The  company  also  doesn’t  do 
wireless.  “We  don’t  allow  wire¬ 
less  in  our  infrastructure,  be¬ 
cause  of  the  cost  of  implement¬ 
ing  security  Goldoff  said.  “It  can 
be  done  right,  but  it’s  expensive 
and  complicated.” 

Industrywide,  retailers  need  to 
be  careful  about  how  they  col¬ 
lect,  use  and  protect  consumer 
data,  said  Brian  Kilcourse,  chief 
strategist  at  Retail  Systems  Alert 
Group,  which  sponsored  the 
event.  Kilcourse  shared  prelimi¬ 
nary  results  of  a  study  the  group  is 
conducting  to  see  how  retailers 
handle  customer  data. 

Only  32%  of  retailers  encrypt 
consumer-specific  data  within 
databases,  and  only  40%  capture 
forensic  data  about  how  con¬ 
sumer-specific  information  is  put 
to  use,  Kilcourse  said. 

Additionally  less  than  half  of 
retailers  have  a  formal  incident- 
response  plan  for  breaches  of 
consumer  data  ■ 


Wyse  sets  fresh  course  for  thin  clients 


BY  JOHN  COX 

Wyse  Technology  last  week  announced  new 
versions  of  its  thin-client  operating  system  and 
device-management  software,  plus  an  applica¬ 
tion  that  the  company  says  can  stream  soft¬ 
ware  components  to  any  thin  client  on 
demand. 

The  products  signal  a  shift  by  the  company 
away  from  its  traditional  focus  as  a  hardware 
vendor  supplying  companies  with  desktop 
terminals  that  display  server-based  applica¬ 
tions.  Wyse  plans  to  be  more  of  a  software 
supplier  for  those  terminals  and  other  thin- 
client  devices,  the  company  says.  Its  goal  is  to 
create  applications  that  can  set  up  and  man¬ 
age  a  thin-client  device,  based  on  the  user  and 
its  use. 

But  other  companies  have  introduced  simi¬ 
lar  capabilities.  One  is  archrival  Neoware 
Systems,  which  bought  a  French  software  ven¬ 
dor  in  April  and  recently  introduced  its  Image 
Manager.  Ardence  also  streams  both  operating 
system  and  application  components  to  clients. 
Others,  such  as  SoftonNet,  Softricity  and 


Stream  Theory,  focus  on  streaming  just  the 
application. 

Wyse’s  goal  is  to  build  on  the  current 
deployment  of  thin  clients  in  the  enterprise. 
Today,  companies  typically  deploy  thin 
clients  to  minimize  the  costs,  the  adminis¬ 
trative  headaches  and  the  risks  of  virus 
attacks  inherent  in  running  and  maintaining 
full-fledged  Windows  PCs. 

In  the  future,  companies  will  benefit  from 
stateless  thin  clients  that  eliminate  hard  disks 
and  flash  memory,  can  be  configured  by  the 
network  when  they  come  online,  can  be  fed 
just  those  software  components  needed  at  any 
given  time  and  are  immune  to  viruses,  says 
John  Kish,  CEO  at  Wyse. 

Wyse  has  rewritten  its  ThinOS,  formerly 
called  Blazer,  so  that  it  can  be  easily  ported  to 
a  variety  of  chip  architectures. 

“We  think  the  thin-client  concept  will  move 
fast  into  consumer  markets,”  Kish  says.  “Those 
markets  have  a  range  of  alternative  chipsets, 
for  example,  low-power  chipsets  found  in 
mobile  phones.  We  want  our  operating  system 


to  be  transparent  to  these  chip  architectures.” 
He  says  Wyse  is  in  talks  with  various  chipmak- 
ers  but  declined  to  say  which  ones. 

The  most  visible  part  of  the  company’s 
scheme  is  the  new  Wyse  Streaming  Manager, 
which  runs  on  a  server  but  acts  as  if  it  were 
the  local  hard  disk  for  networked  client 
devices.  When  a  thin  client  is  powered  on,  it 
activates  a  Pre-Execution  Environment  boot 
request,  which  is  sent  to  the  Streaming 
Manager. 

The  Wyse  software  sends  a  network  boot 
program,  authenticates  the  device  and  then 
sends  to  it  those  parts  of  the  operating  system 
needed  to  run  the  requested  applications. 

The  software  runs  in  RAM  on  the  device. 
Users  log  on  and  are  authenticated  as  they  are 
today  and  see  no  difference  in  application  per¬ 
formance, says  Jeff  McNaught, Wyse’s  vice  pres¬ 
ident  of  corporate  strategy  ■ 
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The  Xerox  Phaser*  8500  network  color  printer 
delivers  heavyweight  specs  at  a  featherweight  price. 
Which  means  it  can  take  on  anybody. 

Xerox  Color.  It  makes  business  sense. 


Spec  for  spec,  the  Xerox  Phaser  8500  is  one  tough 
little  network  color  printer  with  amazing  moves 
for  just  $899.  Like  up  to  24  color  pages  a  minute 
and  an  industry-leading  first-page-out  time  that 
delivers  stunning  600  dpi  color  in  just  6  seconds. 
It  has  Driver  Color  Controls  to  match  output  color 
to  the  color  on  your  computer  screen.  And  talk  about 


endurance!  With  one  of  the  largest  standard  paper 
capacities  in  its  class,  it  just  keeps  going.  The  Phaser 
8500  is  easy  to  install  and  maintain.  Solid  ink 
technology  even  makes  it  environmentally  green. 
Naturally,  it  comes  from  a  line  of  winning  color 
printers  and  multifunction  systems.  To  learn  more, 
contact  us.  Our  little  champ  will  knock  you  out. 
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Server  processor  battles  heat  up 


Getting  an  edge 

Intel  continues  to  dominate  the  x86  server  market,  but  AMD 
is  coming  fast  on  its  heels  with  its  high-performing  Opteron. 
A  look  at  the  competition: 


April  2003 

AMD  launches  its  Opteron  processor,  enabling  both  32-  and  64- 
bit  computing  on  the  traditional  x86  platform. 

July  2003 

IBM  ships  first  Opteron  server. 

January  2004 

Intel  introduces  IA-32  Execution  Layer  software  for  Itanium, 
hoping  to  make  it  easier  to  run  32-bit  applications  on  the  64- 
bit  platform  and  better  compete  with  Opteron. 

February  2004 

Sun  ships  first  Opteron  server. 

HP  announces  Opteron  servers. 

Intel  adds  64-bit  extension  technology  to  Xeon  to  better  compete 
with  Opteron. 

April  2005 

AMD  launches  its  dual-core  Opteron. 

October  2005 

Intel  releases  dual-core  Xeon. 

Intel  rejiggers  processor  road  map  and  delays  release  of  dual¬ 
core  Itanium  2  until  mid-2006.  It  also  announces  a  new  Xeon, 
code-named  Tigerton,  to  appear  in  2007  with  high-speed  interconnect 
technology  to  reduce  latency  between  the  chip  and  memory. 

BY  JENNIFER  MEARS 

Intel  continues  to  dominate  the 
x86  processor  market,  but  rival 
Advanced  Micro  Devices  is  mak¬ 
ing  inroads  as  users  turn  to  its 
Opteron  processor  for  souped-up 
performance  on  low-end  servers. 

A  key  reason  for  the  move  is 
Opteron’s  Direct  Connect  Archi¬ 
tecture,  which  links  the  CPU 
directly  with  memory,  I/O  and 
other  CPUs,  eliminating  traffic  bot¬ 


tlenecks  that  occur  when  data 
moving  on  and  off  the  processor 
must  share  a  front-side  bus,  as  is 
the  case  with  Intel’s  Xeon  chip.  In 
addition,  Opteron  uses  an  on-chip 
memory  controller,  which  ana¬ 
lysts  say  gives  the  CPU  a  boost 
when  transferring  data  between 
the  processor  and  the  rest  of  the 
system. 

This  is  increasingly  important  as 
systems  move  to  multicore  archi¬ 


tecture.  With  AMD’s  approach,  pro¬ 
cessing  happens  faster  and  as 
more  CPUs  are  added  to  a  system, 
they  get  the  memory  bandwidth 
they  need  and  do  not  have  to 
compete  for  bandwidth  over  a 
shared  connection,  analysts  say 

Intel  plans  to  add  a  high-speed 
interconnect  technology  to  Xeon, 
but  the  chip  maker  altered  its 
road  map  last  month,  saying  that 
Tigerton,  its  first  chip  to  have  this 
feature,  wouldn’t  ship  until  2007. 
As  for  an  on-board  memory  con¬ 
troller,  Intel  scrapped  Whitefield, 
which  was  to  have  been  the  first 
Xeon  with  this  type  of  architec¬ 
ture,  in  favor  of  Tigerton. 

Nathan  Brookwood,  principal 
analyst  at  Insight  64,  says  he  does¬ 
n’t  expect  to  see  a  Xeon  with  an 
on-board  memory  controller  until 
2009  at  the  earliest,  and  without 
that  feature  “we  see  little  likeli¬ 
hood  that  Intel  will  be  able  to 
claim  performance  leadership.” 

Moving  to  Operton 

Meanwhile,  start-ups  and  corpo¬ 
rate  buyers  in  growing  numbers 
are  turning  to  Opteron  as  a  more 
powerful  alternative  to  Xeon. 

Media  software  company  ME- 
Soft,  for  example,  recently  ditched 
its  Xeon-based  systems  in  favor  of 
Opteron  to  boost  the  perfor¬ 
mance  of  its  processor-intensive 
video-encoding  software. 

“Our  bar  is  measuring  how  close 
to  real  time  we  can  do  encoding,” 
says  Freddy  Goeske,  co-founder 
and  vice  president  of  technology 
at  the  Burbank,  Calif.,  software 
firm.  “On  our  Intel  systems  it  was 
taking  six  hours  to  encode  one 
hour  [of  video]  .With  AMD,  it  takes 
about  an  hour  and  a  half . . .  we’re 
confident  that  we’ll  have  real-time 
encoding  in  a  short  while.” 

In  addition,  Goeske  says  he  is 
more  comfortable  with  AMD, 
given  Intel’s  road-map  shift. 

“It  seems  like  Intel  is  scrambling, 
to  be  honest.  I’m  really  glad  we’re 
not  in  that  mess  right  nowf  he 
says.  “It’s  pretty  clear  where  we’re 
going  for  the  next  couple  of  years 
with  AMD.  For  us  to  plan  high- 
bandwidth  encoders  around 
what  Intel  has  going  on  right  now, 
well,  I  wouldn’t  know  where  to 
begin.” 

According  to  Mercury  Research 
numbers  released  by  AMD,  in  the 
second  quarter  the  chip  maker’s 
server  market  share  surpassed 


10%  for  the  first  time  and  grew  to 
nearly  13%  in  the  third  quarter. 

“They  are  eating  into  Intel’s  mar¬ 
ket  share,  and  that  will  continue,” 
Brookwood  says.“Right  now  AMD 
has  performance  advantages,  they 
have  power  advantages,  they  have 
performance-per-watt  advantages.” 

AMD’s  challenge  is  that  Intel  has 
the  edge  when  it  comes  to  market 
reputation,  Brookwood  says. 

“But  people  who  are  more  inter¬ 
ested  in  performance  than  they 
are  in  the  name  on  the  box  or  the 
name  on  the  chip  are  going  to 
have  to  pay  serious  attention  to 
Opteron,”  he  says. 

Start-ups  and  systems  vendors 
already  are  paying  serious  atten¬ 
tion.  Consider  that  Sun  is  partner¬ 
ing  with  AMD  and  is  launching  an 
extensive  low-end  server  line 
based  on  Opteron.  HP  and  IBM 
also  offer  Opteron-based  systems. 

Fabric7,  a  server  start-up  that 
launched  last  w’eek  (www.net 
workworld.com,  DocFinder:  9639) 
chose  Opteron  as  the  processor 
for  its  standards-based  midrange 
servers.  “Intel  has  a  more  scalable 
product  line  called  Itanium,  but  at 
this  point  we  believe  scalable  x64 
processors  have  broader  appeal 
to  the  market,  because  they  don’t 
disrupt  the  binary  compatibility 
of  applications,”  says  Sharad 
Mehrotra,  president,  CEO  and 
founder  of  Fabric?. 

“With  Opteron  we  have  the 


capability  to  build  very  flexible, 
scalable  16-way-class  multiproces¬ 
sor  systems,  and  we  can  use  the 
built-in  HyperTransport  switch 
[which  provides  the  direct  link 
between  CPU  and  the  rest  of  the 
system]  to  implement  hardware 
partitioning,”  he  says. 

Liquid  Computing,  which  is 
building  modular, scalable  servers 
for  high-performance  computing, 
also  bases  its  design  on  Opteron, 
as  does  Appro,  which  also  targets 
the  high-performance  computing 
market. 

Virtualization  software  maker 
Virtual  Iron  recently  broadened 
its  software  to  support  Opteron, 
and  PC  blade  company  Clear- 
Cube  says  there  is  growing  de¬ 
mand  for  Opteron-based  prod¬ 
ucts  to  handle  more  demanding 
workloads. 

While  AMD  may  not  hold  the 
performance  edge  forever,  Intel  is 
finding  itself  in  an  unfamiliar  posi¬ 
tion  of  playing  catch-up,  says 
Gordon  Haff,  an  analyst  at 
Illuminata. 

“Intel  got  fat,  dumb  and  happy’ 
he  says.  “The  fact  that  you  have 
pretty  much  a  drop  in  replace¬ 
ment  for  Xeon  makes  [Intel’s]  mis- 
cues  that  much  more  glaring  and 
that  much  more  meaningful.” 

IDG  News  Service  correspondent 
Tom  Krazit  contributed  to  this 
story. 


ScanSafe  to  launch 
security  service 

BY  CARA  GARRETSON 

A  U.K.  company  this  week  plans  to  launch  its  Web  security  service  in 
the  United  States,  aiming  to  protect  companies  from  Internet-borne 
threats  much  the  way  e-mail  security  services  block  malicious  messages. 

ScanSafe’s  service  is  designed  to  keep  viruses,  spyware  and  other 
malicious  code  out  of  corporate  networks  by  having  all  of  its  cus¬ 
tomers’  HTTP  inbound  and  outbound  traffic  travel  through  its  data  cen¬ 
ter  for  scanning  and  filtering.  While  scouring  inbound  Web  traffic  for 
threats  and  outbound  traffic  for  policy  violations  is  not  new,  ScanSafe 
says  it’s  the  first  to  offer  such  features  as  a  managed  service. 

Protecting  all  PCs  on  the  network,  not  just  those  he  manages,  would 
be  a  strong  selling  point  for  Mike  Irick,  assistant  IT  director  at  California 
State  University  San  Marcos,  which  is  evaluating  ScanSafe’s  service. The 
university  uses  an  appliance  to  protect  from  Web-based  threats,  but  with 
professors  logging  on  from  home  and  students  plugging  their  PCs  into 
the  network,  that  protection  goes  only  so  far,  he  says. 

The  university  uses  FrontBridge’s  service  for  e-mail  security  and  is 
considering  taking  that  model  to  Web  security  with  ScanSafe. 

“In  the  e-mail  world, services  have  got  scanning  e-mail  down  to  get  rid 
of  spam  and  malicious  attacks.  But  the  whole  other  enchilada  are  the 
vectors  where  it  comes  through  the  Web,”  Irick  says. 

One  of  the  challenges  in  bringing  a  security  service  to  the  Web  is 
latency  says  Dan  Nadir,  ScanSafe’s  vice  president  of  product  strategy 
and  former  executive  with  FrontBridge,  acquired  by  Microsoft  this  sum¬ 
mer.  “What  I’ve  discovered  is  it’s  hard”  to  protect  HTTP  traffic,  he  says. 
“Instead  of  one  e-mail  at  time  —  at  FrontBridge  it  was  a  question  of  how 
many  messages  per  second  can  we  process  —  here  we  might  have  100 
users  clicking  on  Web  sites  simultaneously’ 

The  company  has  developed  a  network  of  servers  in  its  data  centers 
that  process  in  a  massively  parallel  manner  so  that  the  different  ele¬ 
ments  comprising  a  Web  page  are  processed  at  once  and  sent  back  to 
the  user. There  is  no  significant  affect  on  response  rates,  Nadir  says. 

ScanSafe  isn’t  looking  to  sell  its  service  directly  to  corporations,  but 
through  channel  partners,  particularly  those  companies  that  offer 
e-mail  security  services  and  want  to  add  Web  security  to  their  portfolio, 
Nadir  says.  MessageLabs,  for  example,  launched  a  Web  protection  ser¬ 
vice  last  month  that  resells  ScanSafe’s  services,  he  says. 

ScanSafe,  which  was  formed  in  the  U.K.  in  2004  and  has  900  clients  in 
Europe, competes  with  McAfee,  Barracuda  Networks,  Blue  Coat  Systems 
and  Trend  Micro.  Nadir  says  the  company’s  hosted  service  model  will 
give  it  an  advantage.  While  some  corporations  back  off  from  letting 
another  company  host  its  e-mail, he  says  most  will  be  comfortable  send¬ 
ing  Web  traffic  through  a  security  service. 

“People  don’t  have  the  same  hang-ups  about  processing  Web  traffic 
for  security  and  privacy  as  they  do  with  e-mail,”  Nadir  says.  ■ 
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_THE  INVASION 


_DAY  3:  The  servers  have  taken  over.  We  bought 
so  many  affordable  ones  we  can’t  afford  the  people 
to  manage  them.  How  far  does  this  sprawl  spread? 
Have  they  taken  over  the  city?  The  planet? 

Ma,  have  they  gotten  to  you,  too?  (Must  type 
very,  very  quietly.  They’re  L-I-S-T-E-N-I-N-G.) 
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The  botnet  menace 

Steps  to  guard  against  infestation  of  networks. 

•  Keep  desktops,  servers  patched;  bots  are  often  deposited  during  worm  attacks 
that  exploit  software  vulnerabilities. 

•  Use  anti-virus  and  anti-spyware  software  that  can  detect  and  eliminate  known 
back-door  bot  code. 

•  Use  desktop  firewalls  that  identify  a  bot  attempt  to  “phone  home"  for  instructions. 

•  Block  Internet  Relay  Chat  ports  at  the  firewall  level,  as  bots  are  often  controlled 
through  IRC  channels. 

•  Beware  that  botnets  are  increasingly  controlled  or  distributed  via  peer-to-peer 
file  sharing,  the  Web's  Port  80  and  instant  messaging. 

•  Know  that  the  rootkit  design,  encryption  and  polymorphism  of  some  bot  code 
makes  it  virtually  undetectable  or  unremovable  without  a  complete  overhaul  of 
an  infected  system. 
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continued  from  page  1 

20-year-old  Jeanson  James 
Ancheta  allegedly  made  about 
$60,000  by  selling  access  to  the 
bot  net  to  hackers  and  spammers. 

Bots,  seeded  by  attackers 
through  worms,  viruses  or  other 
means  to  exploit  desktop  and 
server  vulnerabilities,  are  herded 
into  botnets  that  can  force  zom¬ 
bie  machines  to  work  together  on 
virtually  any  task,  the  most  com¬ 
mon  being  spam,  denial-of-ser- 
vice  (DoS)  attacks  and  data  theft. 
Security  experts  say  bots  have  in¬ 
fected  millions  of  computers,  hide 
better  than  ever  through  use  of 
rootkits  and  encryption,  and  can 
break  passwords. 

In  addition,  while  botnets  once 
were  controlled  exclusively 
through  Internet  Relay  Chat  (IRC) 
channels  —  one  reason  many 
companies  say  they  block  IRC 
firewall  ports  —  they  increasingly 
are  being  manipulated  through 
other  means,  such  as  the  Web, 
instant  messaging  or  peer-to-peer. 

“The  state  of  bot  technology  has 
reached  the  point  that  the  state  of 
Web  technology  has,”  says  Peter 
Tippett,  CTO  at  Cybertrust,  whose 
security  experts  dive  into  the 
online  netherworld  to  track 
almost  12,000  people  contribut¬ 
ing  to  bots  or  renting  out  botnets. 
“Instead  of  fighting  with  each 
other,  these  guys  are  working 
together  and  posting  their  code. 
It’s  evil  open  source.  We’re  getting 
a  rich  set  of  commands  and  capa¬ 
bilities  used  by  the  bad  guys.” 

Bots  are  incorporating  encryp¬ 
tion  and  shape-shifting  polymor¬ 
phism,  as  the  variant  of  Agobot 
(also  known  as  Gaobot)  showed 


last  year,  and  using  rootkits  — 
code  that  allows  a  permanent 
and  undetectable  presence  on  a 
computer  —  to  bury  deep  inside 
a  machine. 

The  first  bot  with  a  rootkit  was 
probably  the  variant  of  Rbot  that 
appeared  in  May,  says  Dave  Ken¬ 
nedy,  senior  risk  analyst  at  Cyber¬ 
trust.  Rootkits  —  particularly  the 
kernel-level  sort  that  conceal 
malicious  code,  such  as  a  cloak¬ 
ing  device  —  can’t  be  removed 
by  most  anti-virus  or  anti-spyware 
products,  says  Martin  Overton, 
security  specialist  at  IBM  Global 
Service,  although  one  anti-virus 
vendor,  F-Secure,  is  adding  a  toolk¬ 
it  called  Blacklight  for  detecting 
and  removing  rootkits. 

These  developments  in  bots 
have  security  vendors  gravely 
concerned  about  an  escalating 
menace. 

“Kernel-level  rootkits  are  an 
extremely  difficult  problem,” says 
Vincent  Weafer,  Symantec’s 
senior  director  of  security  re- 
sponse.“Anti-virus  software  alone 
isn’t  sufficient.” 

Numbers  growing 

Symantec’s  research  shows  an 
average  of  10,352  botnets  became 
active  each  day  in  the  first  half  of 
this  year,  an  increase  of  more  than 
140%  from  the  previous  semi¬ 
annual  count.  Some  high-profile 
bots,  including  Mytob  and  Sdbot, 
also  are  popping  up  on  the 
monthly  top-10  lists  from  anti¬ 
virus  vendors  McAfee,  Kaspersky 
Lab.Sophos  and  Trend  Micro. 

Symantec  says  companies  have 
to  apply  a  broad  range  of  protec¬ 
tive  measures  (see  graphic),  in¬ 
cluding  up-to-date  patching  and 
desktop  firewalls,  as  well  as  block¬ 


ing  IRC,  so  a  bot  can’t  “phone 
home  for  instructions.” 

The  outlook  is  similar  at  com¬ 
petitor  McAfee. 

“The  issue  is  newness,”  says  Ally- 
son  Myers,  McAfee  virus  research 
engineer.  Anti-virus  and  anti-spy- 
ware  software  detect  what’s 
known,  so  if  a  new  bot  variant 
slips  in  via  a  software  vulnerabili¬ 
ty  and  installs  itself  with  a  rootkit, 
the  chances  of  unearthing  it  grow 
more  slim.  Some  host-based  intru¬ 
sion-detection  systems  will  detect 
kernel  wrapping.  Behavior-based 
intrusion  detection  also  may 
catch  bots  before  they’re  officially 
identified. 

“The  mutation  rate  is  accelerat¬ 
ing,  and  these  bad  guys  are  going 
to  find  ways  to  hide  the  traffic,” 
says  Sam  Curry  vice  president  of 
the  eTrust  division  at  Computer 
Associates. 

Show  me  the  bot  money 

One  reason  for  the  growing 
focus  on  stealth  and  more  effi¬ 


cient  bot  design  is  that  botnets  are 
a  growing  underground  industry 
where  bot  masters  rent  out  their 
botnets  for  every  imaginable 
criminal  use. 

Spam,  DoS  and  data  theft  are 
the  botnet  economy’s  money 
makers.  Bot  masters  are  coming 
up  with  modular  bot  designs  to 
quickly  update  bots  to  exploit 
new  vulnerabilities  or  disable 
virus  detection. 

Hugh  Thompson,  chief  security 
strategist  at  consultancy  Security 
Innovation,  says  his  research  has 
taken  him  to  several  “dark  alleys 
of  the  Internet,”  including  ones 
called  Macafacka  and  hastalav- 
ista,  where  botnets  are  rented  out 
by  the  hour  ($300  to  $700  per 
hour  is  not  uncommon)  and  buy¬ 
ers  pay  sellers  in  electronic  cur¬ 
rencies,  including  eGold  and  Web 
Money 

“Bots  are  about  capitalism  of  the 
criminal  kind, ’’Thompson  says. 

While  no  one  knows  how  much 
money  is  trading  hands  over  bot¬ 
nets,  recent  arrests  of  alleged  bot¬ 
net  designers  and  sellers  has  high¬ 
lighted  how  global  the  problem  is. 

Last  week’s  arrest  in  California, 
where  Ancheta  was  lured  to  FBI 
offices  in  Los  Angeles,  resulted  in 
a  17-count  federal  indictment  that 
included  conspiracy  transmission 
of  code  to  a  government  comput¬ 
er  and  money  laundering,  among 
other  things, a  Reuters  report  said. 
He  has  been  accused  of  attacking 
computers  at  the  Department  of 
Defense  and  other  sites,  accord¬ 
ing  to  a  U.S.  attorney  spokesman 
quoted  by  Reuters. 

Separately  the  FBI  in  late  August 
announced  it  cooperated  with 
law-enforcement  authorities  in 
Morocco  and  Turkey  to  arrest  two 
individuals  believed  to  be  respon¬ 
sible  for  the  creation  and  distribu¬ 


tion  of  the  Mytob  and  Zotob 
worm-propelled  bots.The  FBI  also 
gave  credit  to  Microsoft  for  assist¬ 
ing  in  the  investigation. 

The  two  individuals  apprehend¬ 
ed  were  18-year-old  Farid  Essebar, 
a  Morrocan  national  born  in 
Russia  who  used  the  handle 
DiablO,  and  21-year-old  Atilla 
Ekici,  a  resident  of  Turkey  using 
the  name  Coder. 

In  the  Netherlands  last  month, 
Dutch  authorities  arrested  three 
unnamed  individuals,  also  in  their 
teens  or  20s,  on  the  suspicion  of 
taking  control  of  more  than 
100,000  PCs  via  the  backdoor 
Toxbot.  They  allegedly  used  this 
botnet  to  steal  credit  cards  and 
personal  data,  and  to  blackmail 
online  businesses. 

Further  investigation  by  the 
Dutch  Computer  Emergency  Re¬ 
sponse  Team  and  ISPs  provided 
evidence  that  more  than  1.5  mil¬ 
lion  PCs  were  involved,  30,000  of 
them  in  the  Netherlands. 

The  growing  botnet  threat  is  not 
lost  on  many  security  managers. 

“We  block  IRC  because  of  its 
association  with  back-door  chan¬ 
nels,”  says  David  Arbo,  director  of 
security  at  global  shipping  com¬ 
pany  APL  in  Oakland,  Calif.  “One 
of  our  biggest  concerns  now  is 
that  we  make  sure  we’re  not  par¬ 
ticipating  in  a  botnet  infection. 
There  could  be  liabilities  of  all 
kinds  in  that.” 

The  decision  to  block  IRC  is  sim¬ 
ple  for  most  organizations  be 
cause  it  is  not  an  important  com¬ 
munications  method  for  most 
businesses.  But  botnets  are  in¬ 
creasingly  using  the  Web  and  IM 
for  propagation  and  control, 
which  has  security  experts  con¬ 
cerned. 

Last  week,  for  instance,  the  AOL 
Instant  Messenger  network  be 
came  the  route  for  Sdbot-ADD 
worm,  which  uses  a  rootkit  to  hide 
itself  and  to  attempt  to  shut  down 
anti-virus  programs. The  lockx.exe 
rootkit  in  Sdbot-ADD  connects  to 
an  IRC  server  and  waits  for  re 
mote  commands. 

APL’s  business  units  want  to  use 
IM,  Arbo  says,  so  the  computer 
department’s  staff  is  investigating 
IM  gateway  technologies,  such  as 
those  from  IMLogic  and  FaceTime 
Communications,  which  could 
help  minimize  bot-related  risk.  ■ 
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Cisco  discloses  three  security  issues 


BY  PHIL  HOCHMUTH 

Cisco  last  week  issued  three  security  advisories 
warning  of  potential  vulnerabilities  in  some  IOS- 
based  products  and  wireless  LAN  gear. 

The  most  critical  IOS  hole,  tied  to  exploits  revealed 
during  a  controversial  IOS  hacking  presentation 
made  at  this  summer’s  Black  Hat  USA  Conference, 
could  result  in  “remote-code  execution” —  or  attack¬ 
ers  using  a  Cisco  router  to  run  whatever  programs  or 
software  code  they  choose. 

The  WLAN  issue  involves  an  integration  problem 
between  Cisco  access  points  and  WLAN  access 
point  controllers  from  Airespace,  which  Cisco 
acquired  in  January  This  bug  could  result  in  some¬ 
one  using  a  Cisco  access  point  to  launch  attacks  on 
a  secured  WLAN. 

A  third  problem  involves  a  communication  glitch 


between  IOS  routers  running  intrustion-prevention 
system  features  and  security  management  software, 
which  could  result  in  malicious  traffic  slipping  into  a 
network. 

All  three  bugs  were  found  by  Cisco’s  security 
research  team  and  addressed  in  software  fixes 
issued  by  the  company  (for  a  link  to  patches  go  to 
www.networkworld.com,  DocFinder:  9638).  ■ 


nww.com 

Read  more 

Follow  this  story  online  with  an  in-depth  look  at  the  advisories. 

DocFinder:  9655 


_DAY  30:  It  s  gotten  worse.  I  m  trapped  in  a  maze 
of  our  own  creation.  Oh,  the  irony.  I  need  an 
answer.  (P.S.  I’m  frightened.) 


\ 
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_DAY  31:  I  need  IBM  Systems  with  virtualization 
technology.  Helps  you  manage  your  servers  and  storage, 
each  from  a  single  view,  so  you  can  deploy  resources 
on  the  fly.  Lets  you  scale  up  and  out  quickly. 

I  will  achieve  control.  I  will  be  a  big  hero. 

They  will  call  me  Ned.  Ned,  Champion  of  Simplicity. 
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Web  hosting 

continued  from  page  1 

is  tight,  and  costs  are  up,”  says 
Margie  Backaus,  chief  business 
officer  of  Equinix.  “We  used  to  do 
four-  or  five-year  deals  with  cus¬ 
tomers.  The  reason  we’re  doing 
one-  or  two-year  deals  is  that  we 
need  the  ability  to  raise  prices”  in 
response  to  the  changing  market 
dynamics. 

Internet  data  centers  are  so 
packed  in  certain  cities  such  as 
Chicago;  Washington, D.C.;  New 
York,  Los  Angeles  and  San  Fran¬ 
cisco  that  service  providers  have 
waiting  lists  of  customers  wanting 
floor  space.  For  example,  Equinix 
has  20  companies  on  waiting  lists 
for  its  facilities  in  Washington, 
D.C.,  Chicago  and  Silicon  Valley 

This  complete  turnabout  of  the 
Web  hosting  and  collocation  mar¬ 
kets  is  a  surprise  to  many  corpo¬ 
rate  network  managers  looking  to 
renew  their  contracts.  Rates  are  as 
much  as  double  what  they  were  a 
year  ago,  and  it’s  difficult  to  lock  in 
today’s  prices  for  more  than  a 
year,  industry  insiders  say 

“The  collocation  market  is  bru¬ 
tal  [for  customers]  right  nowf  says 
Mark  Winter,  executive  vice  presi¬ 
dent  of  IT  at  Deluxe  Laboratories, 
a  media  services  company  in 
Hollywood,  Calif. Winter  considers 
himself  lucky  to  have  replaced  his 
collocation  contracts  with  a  utility 
computing  deal  18  months  ago, 
when  buyers  had  more  leverage 
to  negotiate  prices  for  outsourc¬ 
ing  Web  applications. 

Winter  switched  from  buying 
collocation  services  from  Qwest 
and  WinStore  (with  Deluxe  own¬ 
ing  and  operating  the  hardware) 
to  a  fully  outsourced  utility  com¬ 
puting  contract  with  Sawis  a  year 
and  a  half  ago.  He  renegotiated  his 
contract  with  Sawis  this  summer 
to  lock  in  pricing  for  the  next 
three  years. 

“Our  prices  are  10%  higher  than 
with  Qwest  and  WinStore,  but  we 
have  no  capital  expenditures  and 
no  increase  in  head  count, ’’Winter 
says.'The  10%  increase  is  minimal 
because  it’s  a  lot  cheaper  than 
adding  head  count.  And  I  don’t 
have  to  buy  high-end  servers  or 
back-up  systems.” 

Winter  says  he  got  a  better  deal 
in  his  renegotiations  with  Sawis 
because  his  company  is  a  large, 
growing  customer.  Deluxe  almost 
doubled  the  number  of  server 
blades  it  uses  in  Sawis’  St.  Louis 
data  center  during  the  past  year. 

“I  have  more  leverage  because  I 


Revenue  on  the  rise 

Steady  growth  foreseen  in  U.S.  Web  hosting  services  market. 


came  in  earty  Winter  says.  “Sawis 
wanted  reference  customers.  I 
have  a  large  bundle  of  business 
with  Sawis,  so  I  have  some  buying 
power’’ 

For  network  executives  such  as 
Winter,  Web  hosting  and  colloca¬ 
tion  are  among  the  few  services  in 
their  telecom  budgets  with  rising 
prices. 

“In  the  last  year,  pricing  in  the 
collocation  market  is  up  from  an 
average  of  $20  a  foot  per  month  to 
$40  a  foot  per  month,”  says  Rob 
McCormick,  CEO  of  Sawis.“We  are 
doing  deals  now  in  the  mid-to- 
high  $40s.  But  that  is  far  below  the 
cost  to  build  a  new  data  center” 

Demand  for  Web  hosting  and 
collocation  services  picked  up  at 
the  beginning  of  2005,  and  service 
providers  are  scrambling  to  meet 
that  demand. 

Consider  the  following  develop¬ 
ments: 

•  AT&T  this  month  is  opening  a 
new  data  center  in  San  Jose, 
which  will  more  than  double  its 
hosting  capacity  in  Silicon  Valley 
and  AT&T  is  expanding  its  New 
York  center  by  27%.  It  also  is  open¬ 
ing  a  new  data  center  in  Shang¬ 
hai,  bringing  its  worldwide  total  to 
28  Internet  data  centers,  which 
offer  managed  hosting  services. 

•  Sawis  plans  to  open  a  127,000- 
square-foot  data  center  in  Santa 
Clara,  in  the  first  quarter  of  2006. 
This  will  give  Sawis  25  data  cen¬ 
ters,  providing  a  range  of  Web 
hosting  services  from  unmanaged 
floor  space  to  fully  managed  pay- 
as-you-go  utility  computing. 

•  MCI  plans  to  open  an  Internet 
data  center  in  the  Washington, 
D.C.,area  in  the  second  quarter  of 
2006.  MCI  recently  expanded  facil¬ 
ities  in  New  York,  Dallas  and 
Boston. 

•  Equinix,  which  has  been  the 
most  aggressive  at  buying  and 
retrofitting  abandoned  data  cen¬ 
ters  for  its  collocation  services, 


purchased  its  third  Internet  data 
center  in  the  Los  Angeles  area  in 
September.  Earlier  this  year,  Equin¬ 
ix  expanded  its  centers  in  Silicon 
Valley  and  Chicago. 

“In  the  past  22  months,  we’ve 
picked  up  six  centers  and  in¬ 
creased  our  overall  footprint  by 
50%, ”  Equinix’  Backaus  says.  “Our 
revenue  is  up  30%  year  over  year. 
What  we’ve  seen  is  very  good  and 
steady  demand  and  growth  not 
only  from  new  customers,  but  50% 
of  our  business  comes  from  our 
existing  base.” 

Like  Equinix,  all  of  the  top-tier 
Web  hosting  and  collocation  ser¬ 
vice  providers  are  reporting  dou¬ 
ble-digit  growth  in  revenue  this 
year.  However,  most  of  this  growth 
is  coming  from  a  handful  of  cities. 

“Data  center  expansion  is  not 
happening  across  the  board  in 
the  U.S.,”says  Melanie  Fbsey  direc¬ 
tor  of  telecom  service  at  IDC.“Sili- 
con  Valley  New  York  City  Wash¬ 
ington,  D.C.,  and  Los  Angeles  are 
the  four  geographic  areas  where 
we  see  the  most  growth.  In  a  lot  of 
other  markets,  there  is  still  plenty 
of  excess  capacity’ 

Fbsey  says  Web  hosting  prices, 
like  housing  prices,  depend  on 
the  supply  and  demand  in  a  par¬ 
ticular  city 

“In  some  areas,  the  service  pro¬ 
viders  have  a  certain  amount  of 
pricing  power  because  the  whole 
market  is  running  out  of  space. 
Chicago  is  an  example  of  that,” 
Fbsey  says.“But  prices  aren’t  dou¬ 
bling  in  Dallas,  where  there  is  tons 
of  data  center  capacity  Nor  are 
they  rising  as  fast  in  Denver  or 
Boston.” 

Fbsey  says  corporate  customers 
are  surprised  by  rising  prices  for 
Web  hosting  services  when  they 
renegotiate  their  contracts. 

“Buyers  tend  to  assume  a  favor¬ 
able  market  position,”  Fbsey  says. 
“It’s  not  the  same  level  of  shock 
that  you  see  around  today’s  gas 


prices,  but  prices  have  risen  for 
Web  hosting  services  relatively 
quickty’ 

Demand  for  Internet  data  center 
space  is  being  driven  by  corpo¬ 
rate  needs  for  disaster-recovery 
sites,  as  well  as  compliance  with 
new  industry  regulations,  includ¬ 
ing  the  Sarbanes-Oxley  Act. 

“Companies  understand  that 
they  need  a  primary  and  sec¬ 
ondary  site  for  their  critical  infor¬ 
mation,”  says  Tim  Connors,  prod¬ 
uct  director  for  AT&T  Enterprise 
Hosting  Services.Tompanies  also 
need  to  make  sure  that  their  data 
is  segregated  and  auditable.” 

AT&T  says  interest  in  Web  host¬ 
ing  is  rising  in  all  industries,  in¬ 
cluding  online  gaming,  financial 
services  and  e-retailing.  “The 
applications  run  the  gamut,” 
Connors  says.  “It’s  been  govern¬ 
ment  information  portals,  online 
retailers.search  engines.  It’s  been 
a  whole  range  of  applications 
and  industries.” 

Companies  also  are  turning  to 
Internet  data  centers  to  house 
their  Web  applications  because 
it’s  too  expensive  for  them  to  pro¬ 
vide  power  and  cooling  to  the  lat¬ 
est  blade  servers  and  storage 
devices  in  their  own  facilities. 

“The  latest  blade  servers  from 
Sun,  IBM  and  HP  take  up  way 
more  power  —  with  their  dual 
core  processors  and  small  form 
factor  —  than  the  machines  they 
are  replacing,”  says  Rick  Dyer, 
director  of  MCI  Hosting  Product 
Management.  “Most  of  the  data 
center  assets  out  there  were  built 
in  the  late  1990s  or  early  2000. 
Nobody  built  out  to  the  kind  of 
specs  required  to  handle  a  whole 
room  full  of  that  stuff.So  we’ve  had 
to  do  retrofitting  of  centers  to  han¬ 
dle  power  and  cooling  demands.” 

Another  factor  driving  up  Web 
hosting  prices  is  the  rise  in  ener¬ 
gy  prices  caused  by  Hurricane 
Katrina.  Service  providers  are 
seeing  their  own  power  and  air 
conditioning  costs  go  up,  and 
those  costs  will  be  passed  down 
to  customers. 

“Pricing  is  going  up  both 
because  there’s  not  enough  floor 
space  and  there’s  a  capacity  issue 
but  also  because  everyone  is 
needing  more  power,  and  utility 
costs  are  going  up,”  Dyer  says.“Qn 
a  per-cabinet  basis,  we  might  see 
doubling  of  prices  from  a  year  ago 
based  on  how  much  power  the 
customers  are  asking  fori’ 

Another  factor  driving  up  prices 
for  collocation  and  Web  hosting 
services  is  that  most  of  the  moth¬ 


balled  data  centers  built  by  dis¬ 
tressed  carriers  already  have  been 
purchased  and  rehabbed.  “The 
distressed  assets  are  almost  gone, 
especially  in  hot  markets  like 
Santa  Clara,  New  York  and  Wash¬ 
ington,  D.C,”  McCormick  says. 

Building  a  new  data  center  costs 
$100  million  to  $125  million  for 
80,000  to  100,000  square  feet,  Mc¬ 
Cormick  says.  Rehabbing  a  center 
built  a  few  years  ago  costs  sub¬ 
stantially  less  money  ranging  from 
$20  million  to  $50  million. 

“Equinix  and  Sawis  have  been 
saying  that  the  prices  in  the  mar¬ 
ket  will  almost  double  again  to 
$70  to  $80  a  square  foot  in  the 
next  couple  years,”  McCormick 
says.  “Customers  should  expect 
that  when  their  contracts  come 
up,  they’ll  have  to  spend  more. 
That’s  never  happened  before  in 
the  Web  hosting  market.” 

Even  with  prices  doubling  for 
Web  hosting  services,  some  net¬ 
work  executives  maintain  they 
are  still  saving  money  when 
compared  with  building  and 
operating  their  own  Internet 
data  centers. 

Daniel  Leskowski,  director  of 
IT  with  Konami  USA  in 
Redwood  City,  Calif.,  recently 
signed  a  multiyear  contract  with 
AT&T  to  outsource  the  network 
operations  that  support  its  pop¬ 
ular  Yu-Gi-Oh  Web  site.  Under 
the  terms  of  the  deal,  Konami 
owns  the  hardware  and  rents 
space  in  AT&T’s  Redwood  City 
Calif.,  data  center,  while  AT&T 
provides  management  and 
monitoring  services  for  the 
hardware. 

“Our  main  concern  is  to  make 
sure  we’re  profitable,”  Leskowski 
says.  “Our  ROl  analysis  showed 
cost  benefits  for  this  arrange¬ 
ment  when  compared  to  build¬ 
ing  a  data  center  ourselves  or 
completely  outsourcing  every¬ 
thing.  We  found  the  biggest  bang 
for  our  buck  in  this  kind  of  a 
combination  model.”® 
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Control  starts  with  IBM  Systems . 


Control  the  sprawl  by  physically  consolidating  your 
servers  and  storage,  putting  more  power  in  less  space. 

Control  complexity  by  pooling  systems  and  managing 
them  from  a  central  location.  Reducing  your  number  of 
disconnected  servers  and  storage. 

Control  costs  with  servers  that  partition  virtually  so 
you  can  do  more  with  less  on  a  single  system. 

i ... 

Control  time  with  systems  and  software  designed 
to  dynamically  manage  workloads  and  data 
helping  to  optimize  resources. 

Control  your  IT  destiny  with  IBM  Systems  - 
of  innovative  servers  and  storage  that  have  been 
to  make  your  infrastructure  and  your  life  simpler. 
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Server  and  storage  products  may  require  purchase  of  more  than  one  product  or  feature  to  enable  the  virtualization  capabilities.  These  products  or  features  may  incur  an  additional  charge.  IBM  and 
the  IBM  logo  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  ©2005  IBM  Corporation.  All  rights  reserved. 
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Software  as  a  service 

Microsoft  is  dramatically  incre 
plans  to  develop  them  for  both  c 

Strengths 

asing  its  focus  on  services  and 
onsumers  and  enterprise  users. 

Weaknesses 

Billions  of  dollars  in  cash  means  Microsoft 
can  lose  money  as  it  works  for  results. 

None  of  the  services  Microsoft  announced 
last  week  are  targeted  at  the  enterprise. 

Installed  base  likely  receptive  to  services 
in  certain  areas  such  as  management. 

Current  corporate  software  will  have  to 
be  re-engineered  in  a  services  model. 

Partner  community  sees  big  opportunity  in 
offering  services  around  Microsoft  software. 

Microsoft's  plan  of  action  and  its  strategy 
in  corporate  environments  is  vague.  j 
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continued  from  page  1 

10  or  fewer  employees. 

What  Microsoft  needs  to  ex¬ 
plain,  observers  say  is  how  it  plans 
to  turn  its  software  into  corporate 
services  or  offer  hosted  services 
for  its  current  crop  of  Windows 
Server  System  and  Office  System 
products. 

This  effort  would  likely  require 
re-engineering  of  software,  build¬ 
ing  a  new  brand  of  customer  loy¬ 
alty  rallying  its  partner  commun¬ 
ity  altering  its  corporate  culture 
and  pulling  off  another  high-pro¬ 
file  come-from-behind  victory 
with  word  processors,  spread¬ 
sheets  and  Internet  browsers. 

“This  effort  will  make  turning 
the  Titanic  look  like  a  minuscule 
activity  says  Carmi  Levy  senior 
research  analyst  with  the  Info- 
Tech  Research  Group.  “The 
largest  software  company  in  the 
world  needs  to  turn  itself  on  its 
ear  to  meet  the  challenges.” 

Levy  says  Microsoft  will  do  this 
on  a  piecemeal  basis  as  evi¬ 
denced  by  last  week’s  announce¬ 
ments.  “Microsoft  is  going  to  take 
its  licks  and  learn  its  lessons  in 
the  [small  business]  and  con¬ 
sumer  space,  but  ultimately  it  is 
going  to  extend  this  so  every 
product  from  Microsoft  has  some 
degree  of  services  component,” 
Levy  says. 

The  company  is  no  stranger  to 
services,  but  its  inability  to  exe¬ 
cute  effectively  in  the  past  has  cre¬ 
ated  an  Achilles’  heel. 

To  wit,  Microsoft’s  Chief  Software 
Architect  Bill  Gates  in  1998  sent  a 
14-page  internal  memo  outlining 
a  future  that  included  what  he 
called  a  MegaServer,  a  gigantic 
server  connected  to  the  Internet 
that  would  allow  on-demand 
delivery  of  any  type  of  informa¬ 
tion  to  a  user  from  any  computer, 
television  set-top  box,  palm-size 
PC  or  other  device. 

“Google  delivered  on  that  idea,” 
says  Keith  McCall,  co-founder  and 
CTO  of  Azaleos,  which  develops 
an  appliance  running  Exchange 
along  with  subscription  services 
for  monitoring  and  managing  the 
messaging  environment.  McCall 
says  Microsoft  must  battle  that 
beast,  starting  in  consumer  mar¬ 
kets  that  will  bleed  into  the  enter¬ 
prise,  as  evidenced  by  Google’s 
confirmation  last  week  that  it 
plans  to  contribute  to  the  Open- 
Office.org  project,  which  com¬ 
petes  with  Microsoft  Office. 

Microsoft  is  reacting  to  a  market 


finally  turning  into  software  as  a 
service.  An  IDC  survey  of  512 
North  American-based  IT  profes¬ 
sionals  shows  that  nearly  79% 
have  purchased  or  are  reviewing 
software-as-a-service  offerings. 

Those  figures  and  the  trend 
toward  services  represented  by 
Web  2.0,  on-demand  comput¬ 
ing,  software  as  a  service  and 
Web  services  is  proving  that 
shrink-wrapped  software  is 
under  attack. 

“We  are  not  a  company  that  uses 
a  lot  of  internal  IT  support,  there¬ 
fore  we  want  to  find  something 
and  support  it  minimalty’says  Bill 
Patten,  director  of  sales  manage¬ 
ment  at  Philadelphia’s  Sovereign 
Bank,  a  $40  billion  financial  insti¬ 
tution  that  is  one  of  the  top  25 
largest  banks  in  the  United  States. 
That  led  Patten  to  Salesnet’s  CRM 
online  service  when  the  bank 
sought  to  automate  its  sales  and 
marketing  processes. 

The  company  has  rolled  out  the 
service  to  eight  departments  and 
is  looking  to  customize  it  for 
many  more.  “The  flexibility  and 
the  nimbleness  of  this  service 
allows  us  to  be  creative,”  he  says. 

One  of  the  first  challenges  fac¬ 
ing  Microsoft  is  that  it  must  define 
services,  some  say 

“There  is  not  a  clear  picture  on 
the  whole  enterprise  and  what 
Microsoft  means  when  it  talks 
about  services,”  says  Paul  De- 
Groot,  an  analyst  with  indepen¬ 
dent  consulting  firm  Directions 
on  Microsoft.  He  says  MSN  ser¬ 
vices  are  one  example,  but  there 
are  also  managed  services,  such 
as  Microsoft’s  work  with  Energizer 
Holdings,  which  brought  in  some 
of  Microsoft’s  internal  IT  people 
last  year  to  help  run  IT,  migrate 
mail  systems  and  do  other  tasks.“I 
can  see  managed  services  being 
an  attractive  option  for  the  enter¬ 
prise,”  DeGroot  says. 

But  software,  Microsoft’s  forte,  is 
the  other  side  of  the  coin. 

The  company  has  signaled  its 


intentions  to  bring  Microsoft 
Dynamics  CRM  and  other  busi¬ 
ness  applications  into  the  services 
fold  to  combat  companies  such 
as  Salesforce.com,  NetSuite  and 
Salesnet.  And  it  is  using  Share- 
Point  technology  to  support 
Office  Live. 

Microsoft  can  point  to  experi¬ 
ence  it  has  today  running  enter- 
prise-class  services,  including 
Office  Live  Meeting  for  Web  con¬ 
ferencing  and  FrontBridge.a  man¬ 
aged  service  around  e-mail  hy¬ 
giene.  But  because  those  services 
were  obtained  through  acquisi¬ 
tion,  the  company  cannot  point  to 
expertise  in  developing  enterprise 
services. 

The  challenge,  observers  say,  is 
re-engineering  existing  Microsoft 
applications  for  a  services  world, 
most  notably  the  concept  of 
multi-tenant  capabilities  that 
allow  multiple  users  to  reside  on 
a  single  server. 

“When  Microsoft  initially  archi¬ 
tected  its  applications  it  didn’t 
build  in  the  multi-tenant  capabili¬ 
ties  so  it  was  a  challenge  from  a 
security  perspective  to  manage 
multiple  customers  in  a  single  in¬ 
stance  of  Exchange,  for  instance,” 
says  Brent  Arslaner,  vice  president 
of  marketing  for  Jamcracker, 
which  offers  tools  to  aid  running 
software  in  a  hosted  environment. 

Microsoft  is  working  on  multi- 
tenant  capabilities  for  the  next 
version  of  its  Dynamics  CRM  pro¬ 
duct  and  it  has  developed  some 
customized  multi-tenant  tools, 
including  one  that  allows  multi¬ 
tenant  hosting  of  Microsoft  Solu¬ 
tion  for  Enhanced  VoIP  services, 
which  combines  Exchange 
Server,  Office  Live  Communica¬ 
tions  Server  2005  and  Windows 
ShareFbint  Services. 

Observers  say  developing  those 
sorts  of  focused  offerings  will  be 
another  challenge  for  Microsoft. 

“There  is  a  small  set  of  services 
that  can  be  delivered  to  address 
specific  pain  points  enterprises 


have,”  Azaleos’  McCall  says. 
“Microsoft  needs  to  find  those 
pain  points.  It  needs  to  figure  out 
which  of  those  can  be  satisfied 
by  a  hosted  service,  and  they 
need  to  build  those  services  or 
buy  companies  that  do.” 

Another  big  hurdle  will  be 
building  customer  loyalty,  be¬ 
cause  the  services  market  doesn’t 
offer  the  type  of  platform  lock-in 
that  Microsoft  now  enjoys.  With 
services,  customers  can  unplug 
from  one  provider  in  the  morning 
and  start  up  with  another  in  the 
afternoon. 

“One  of  the  biggest  issues  that 
on-demand  vendors  face  is  cus¬ 
tomer  churn,”  says  Jonathan 
Tang,  president  and  co-founder 
of  Salesnet.  “If  you  can’t  keep  a 
customer  happy  with  the  ser¬ 
vice  there  is  no  risk  to  them  and 
they  leave.” 

Tang  says  Microsoft  as  a  product 
and  platform  company  is  not  set 
up  with  the  right  customer- 
focused  mentality  because  it  re¬ 
lies  on  such  a  huge  reseller  chan¬ 
nel. ‘A  lot  of  the  responsibility  will 
be  placed  on  their  [independent 
software  vendors]  and  reseller 


Security 
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partners,”  he  says. 

Microsoft’s  reaction  to  all  this 
seems  to  be  a  state  of  panic, 
DeGroot  says. 

“Microsoft  sees  some  immediate 
threats  that  require  some  immedi¬ 
ate  reaction,”  a  fact  that  is  reflected 
in  Microsoft’s  recent  reorganiza¬ 
tion,  he  says.  In  September  the 
company  formed  three  new  divi¬ 
sions:  Microsoft  Platform  Pro¬ 
ducts  &  Services  Division;  Micro¬ 
soft  Business  Division;  and  the 
Microsoft  Entertainment  &  De¬ 
vices  Division.  Ray  Ozzie,  cur¬ 
rently  Microsoft’s  CTO,  took  re¬ 
sponsibility  for  driving  Micro¬ 
soft’s  software-based  services 
strategy. 

“It’s  weird  that  they  have  not 
succeeded  in  this  space  and  now 
they  are  building  a  business 
around  it,”  DeGroot  says.  But,  he 
says,  Microsoft  has  a  history  of 
playing  from  behind  and  still 
winning.  ■ 
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senior  telecom  technologist  for  the  Delaware  Department  of  Tech¬ 
nology  and  Information.  State  workers  or  students  could  connect  via 
SSL  to  proxy  servers  on  the  Internet  that  allow  them  to  access  sites  that 
might  be  blocked  by  content  filters,  he  says. 

The  new  ProxySG  software  terminates  SSL  sessions,  and  before  re¬ 
encrypting  the  traffic,  checks  for  malicious  code  or  whether  the  con¬ 
nection  is  made  to  a  forbidden  site.  Without  the  Blue  Coat  proxy  the 
state  would  have  no  way  to  differentiate  between  banned  SSL  sessions 
and  legitimate  ones,  Wright  says. 

The  SSL  proxy  software  and  add-on  SSL  acceleration  hardware  costs 
$450  to  $12,000,  depending  on  which  ProxySG  appliance  it  is  added  to. 
It  is  expected  to  ship  in  February 

To  battle  subtle  threats  that  appear  for  the  first  time,  start-up  Granite- 
Edge  is  introducing  an  appliance  that  analyzes  network  traffic  for 
unusual  behavior  and  links  it  to  related  behavior  that  adds  up  to  an 
attack.  It  then  notifies  administrators  and  supplies  them  with  a  chart 
that  links  the  suspicious  activities. 

The  GraniteEdge  ESP  device  draws  a  chain  of  related  events  so  users 
can  follow  and  head  off  the  progress  of  multistage  attacks  as  they  un¬ 
fold.  It  is  meant  to  discover  attacks  that  are  designed  to  remain  unde¬ 
tected  by  virus  filters,  intrusion-detection  software  and  other  signature- 
based  security 

“It  answers  how  you  tell  which  events  are  related,”  says  Peter  Christy  a 
principal  at  Internet  Research  Group.  “It  connects  the  dots  to  weird 
events  that  show  up." 

He  says  it  does  not  compete  directly  with  intrusion  detection  and  pre¬ 
vention  products.These  other  products  are  useful  in  reducing  the  num¬ 
ber  of  attacks  that  reach  the  network,  he  says,  and  GraniteEdge  ESP  can 
find  attacks  for  which  there  are  no  signatures. 

Pricing  for  the  gear  starts  at  $120,000,  which  includes  an  appliance 
and  two  sensors  that  are  placed  on  the  network  to  monitor  traffic.  As 
the  number  of  network  segments  to  be  monitored  increases,  so  does 
the  price.  ■ 
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Don’t  be  limited  by  Wi-Fi  hotspots. 

Enjoy  the  freedom  of  Verizon  Wireless  BroadbandAccess, 
the  nation’s  largest  high-speed  wireless  broadband  network. 

Wi-Fi  only  works  in  limited  locations,  while  BroadbandAccess  works  coast  to  coast  in  over  60  metropolitan  areas,  covering 
over  140  million  Americans.  And  unlike  Wi-Fi,  BroadbandAccess  has  wide-area  coverage  and  secure  CDMA  technology,  so  you 
have  the  freedom  to  work  where  it’s  convenient  for  you.  Connect  to  the  Internet,  company  intranet,  or  email  and  download 
critical  information  and  access  business  applications  at  average  speeds  between  400-700  kbps.  Now  you  can  work  when  you 
want,  in  more  places  nationwide.  And  if  you’re  traveling  internationally,  we  now  have  a  global  data  card. 
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Call  our  business  reps  at  1.800.VZW.4BIZ  or  go  to  verizonwireless.com. 
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fee:  $20/2  yrs.  IMPORTANT  CONSUMER  INFORMATION:  Subject  to  Customer  Agreement,  Calling  Plan  &  credit 
approval.  $1 75  termination  fee,  other  charges  &  restrictions.  Requires  compatible  PC  card  or  phone  (purchased 
separately).  Offers,  coverage  &  service  not  available  everywhere.  Speed  claim  based  on  our  network  tests  with 
5MB  FTP  data  files,  without  compression.  Actual  speeds  and  coverage  vary.  Coverage  limitations  &  maps  at 
verizonwireless.com.  Limited  time  offer. 
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Wireless  firms  draw  investments 


BY  CARA  GARRETSON 

Private  companies  with  wireless- 
related  products,  particularly 
broadband  wireless,  garnered  sig¬ 
nificant  interest  from  venture  cap¬ 
italists  during  the  third  quarter, 
with  the  two  largest  deals  going  to 
such  start-ups. 

During  the  third  quarter,  41  wire¬ 
less  companies  received  $455  mil¬ 
lion  in  investments  from  venture 
capitalists,  according  to  the  Mon- 
eyTree  Survey  released  by  Price- 
waterhouseCoopers  (PwC), 
Thomson  Venture  Economics  and 
the  National  Venture  Capital  Asso¬ 
ciation.  That’s  the  highest  level  of 
investments  in  the  wireless  seg¬ 
ment  in  four  years,  says  Tracy 
Lefteroff,  global  managing  partner 
of  PwC’s  venture  capital  and  pri¬ 
vate  equity  practice. 

During  the  first  three  quarters  of 
this  year,  1 14  wireless-related  com¬ 
panies  saw  $984  million  in  invest¬ 
ments,  compared  with  135  com¬ 
panies  garnering  $1.1  billion  dur¬ 
ing  all  of  2004,  the  report  says. 

“The  wireless  area  has  been  a 
hot  spot,”  Lefteroff  says,  adding 
that  wireless  companies  could  be 


the  force  that  lifts  the  networking 
and  telecom  sector  out  of  its  five- 
year  slump. 

The  creators  of  the  MoneyTree 
Survey  produce  a  slice  of  data  for 
Network  World  that  tracks  net¬ 
work-related  companies,  includ¬ 
ing  those  in  networking  and  tele¬ 
com  equipment  and  services, 
computer  hardware  and  software 
and  semiconductor  markets. 

‘A  lot  of  companies  lost  a  lot  of 
money  in  this  sector  over  the  last 
five  years,  but  there’s  definitely 
going  to  be  some  growth  in  the 
future,  and  wireless  is  something 
that’s  going  to  attract  investor 
money  and  build  customer 
bases,”  Lefteroff  says. 

FiberTower,  which  builds  back¬ 
haul  networks  based  on  micro- 
wave  technology  that  connect 
cell  towers  to  central  offices, 
topped  the  charts  with  $150  mil¬ 
lion.  Visto,  a  wireless-messaging 
application  and  service  provider, 
received  $70  million. 

Companies  with  broadband 
wireless  products  and  services 
created  a  lot  of  buzz  during  the 
third  quarter,  as  venture  capitalists 


More  malaise 

Despite  a  boom  in  wireless 
investments  during  the 
third  quarter,  the  net¬ 
working  industry  has  not 
yet  recovered  from  its 
post-' Net  bubble  hangover. 


Investment 

value 

(in  billions) 

Number 
of  deals 

1999 

$30.3 

2,896 

2000 

$67.3 

4,524 

2001 

$26.1 

2,558 

2002 

$12.5 

1,765 

2003 

$10.3 

1,595 

2004 

$11.1 

1,595 

2005  YTD 

$8 

1,155 

SOURCE:  MONEYTREE  SURVEY 


sought  to  invest  in  the  next  big 
thing  within  this  hot  market. 

“By  definition,  what  we  do  is 
look  at  things  that  are  somewhat 
over  the  horizon,”  says  Michael 
Greeley  general  partner  with  IDG 


Ventures,  who  listed  wireless  mo¬ 
bility  as  one  such  area.“I  count  this 
[past]  quarter  as  very  good. The 
sentiment  now  is  we  can  finally 
begin  to  make  money  again.” 

Among  the  broadband  wireless 
companies  that  saw  third-quarter 
investments  was  Aperto  Networks, 
developer  of  wireless  access  sys¬ 
tems,  with  a  $17  million  round. 
The  company’s  802.16/WiMAX 
base  stations  and  subscriber  units 
are  sold  to  service  providers. 

Pronto  Networks  received  $3.2 
million  in  investments  to  help 
build  its  Wi-Fi  and  WiMAX  infra¬ 
structure  business.  And  $2  million 
went  to  LCG  Wireless,  maker  of  3G 
and  in-building  wireless  infra¬ 
structure  products. 

Overall,  network-related  compa¬ 
nies  had  investments  totaling  $2.5 
billion  for  the  third  quarter,  down 
slightly  from  the  $2.9  billion  in¬ 
vested  in  the  second  quarter, 
which  is  traditionally  a  slow  peri¬ 
od  This  past  quarter’s  investment 
levels  in  network-related  compa¬ 
nies  was  up  slightly  from  the  $2.3 
billion  garnered  during  the  same 
period  last  year.  ■ 


Start-up  helps  provision  VoIP  QoS 


VoIP  quality  on  the  LAN 


Xelorsays  its  XeloRate  software  can  guarantee  enough  LAN 
bandwidth  for  VoIP  calls,  saving  network  IT  staff  from  having 
to  do  so  manually. 


|  XeloRate 
server 


Cisco  or  Avaya  □ 
IP  PBX 


B 


fnnnnnnnJ^ 


Phone  A 


Cisco  switch 


Phone  B 


H  XeloRate  server  discovers  the  network  topology  via  SNMP  and  establishes  trust 
with  Cisco  network  infrastructure  by  automating  standard  instructions  to  the 
switches  that  would  otherwise  have  to  be  entered  manually. 

E3  XeloRate  establishes  DiffServ  markings  and  queues  so  it  can  tag  voice  packets  for 
expedited  forwarding  to  assure  voice  quality. 

O  When  phone  A  places  a  cail  to  phone  B,  XeloRate  shares  call  setup  information  with 
the  PBX  and  determines  if  enough  bandwidth  is  available  for  the  call.  If  so,  it  is 
marked  for  expedited  forwarding.  If  not,  it  is  marked  for  best  effort. 


BY  TIM  GREENE 

Start-up  Xelor  Software  is  intro¬ 
ducing  a  tool  to  help  simplify  QoS 
provisioning  for  VoIP  calls  within 
business  LANs  consisting  of  Cisco 
switches  and  routers. 

Called  XeloRate,  the  software 
runs  on  a  Red  Hat.  Enterprise 
Server  attached  to  the  LAN  and 
provisions  QoS  for  calls  set  up  via 
Avaya  or  Cisco  IP  PBXs.  The  soft¬ 
ware  can  automatically  set  Cisco’s 
AutoQoS  on  switches  and  routers. 
AutoQoS  prioritizes  traffic  so  that 
critical  or  time-sensitive  applica¬ 
tions  don’t  get  bogged  down  by 
congestion  and  delay 

XeloRate  eliminates  the  need  to 
type  in  command  lines  to  config¬ 
ure  AutoQoS,  a  process  that  is 
prone  to  error,  Xelor  says. 

“Cisco’s  AutoQoS  can  be  a  bear 
to  configure,” says  Eric  Siegel,  an 
analyst  for  Burton  Group. 

AutoQoS  is  static;  once  it  is  set,  it 
doesn’t  automatically  adapt  to 
changes  in  network  traffic,  he  says. 

XeloRate  dedicates  100K  bit/sec 
per  phone  call  up  to  the  limit 
users  choose,  and  when  that  limit 


is  reached,  subsequent  calls  are 
dropped  into  a  best-effort  queue. 
It  also  notifies  IT  staff  via  e-mail  so 
they  can  reevaluate  the  path  and 
reserve  more  bandwidth  for  calls 
or  create  a  separate  virtual  LAN 
(VLAN) ,  Xelor  says. 

While  the  quality  of  calls 
bumped  to  the  best-effort  queue 
may  suffer,  doing  so  protects  other 
traffic  on  the  same  network,  Siegel 
says.  “It  uses  the  high-priority 
queue  only  if  there  are  enough 
resources  and  if  not,  it  won’t  hurt 
anything  else,”  he  says. 

The  XeloRate  server  also  stores 
call  information  so  IT  staff  can 
better  track  the  cause  of  prob¬ 
lems.  The  software  also  discovers 
routers,  switches  and  end  de¬ 
vices  on  the  network  and  draws  a 
topology  map  so  users  can  see 
the  paths. 

It  also  taps  into  the  call  servers 
and  discovers  phones  that  are 
registered  to  them.  When  an  end 
user  dials  a  call,  setup  informa¬ 
tion  is  shared  with  XeloRate, 
which  assesses  the  bandwidth 
on  the  path  the  call  will  take 


and  assigns  appropriate  service 
quality  by  having  switches  tag 
the  packets. 

Prices  for  XeloRate  depend  on 


the  number  of  users.  A  license  for 
50  users  costs  $5,000,  and  a 
license  for  750  users  costs 
$37,500.  ■ 
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ntroducing  the  industry’s  highest  performance  Ethernet 
switch  family  ready  to  deliver  wire-speed  non-blocking 
performance  to  1.14  billion  packets  per  second  (or  up  to 
3.42  bpps  per  7-foot  telco  rack).  Foundry’s  Biglron  RX  Series 
offers  the  highest  density  Gigabit  and  10  Gigabit  Ethernet 
switching  and  routing  solution  in  the  industry  and  is  built  on  a 
distributed  and  redundant  switch  architecture  that  ships  ready  to 
support  100  Gigabit  Ethernet.  Featuring  support  for  scalable 
Ethernet  switching,  IPv4/IPv6  routing,  consistent  low  latency 
for  all  packet  sizes  and  advanced  quality  of  service  design.  The 
Biglron  IOC  Series  meets  and  exceeds  the  needs  of  a  wide  range 
of  environments  including  Enterprise  LAN,  HPC,  MANS,  and 
next  generation  data  centers. 
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NETWORKS 

The  Power  of  Performance ™ 


Find  out  more  about  the  BigIron  RX  Series  and  how 
YOU  CAN  TAKE  ADVANTAGE  OF  A  LIMITED  TIME  OFFER  TO 
REDEFINE  PERFORMANCE  AND  RELIABILITY  IN  YOUR 
NETWORK.  LOG  ON  TO  WWW.FOUNDRYNET.COM/BlGlRONRX. 
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FOR  MORE  INFORMATION  PLEASE  CALL:  US/CANADA  1  BBS  TURBOLAN, 
INTERNATIONAL  +1  <4  O  B  .  5  B  6 . 1  700  OR  VISIT  OUR  WEBSITE  AT  WWW.FOUNDRYNET.COM 


Foundry  Networks,  Inc.  is  a  leading  provider  of  high-performance  Enterprise  and  Service  Provider  switching,  routing  and  Web  traffic  management  solutions  including  Layer  2/3  LAN  switches. 
Layer  3  Backbone  switches.  Layer  4-7  Web  switches,  wireless  LAN  and  access  points,  access  routers  and  Metro  routers.  Foundry’s  8,500  customers  include  the  world's  premier  ISPs,  metro  service 
providers,  and  enterprises  including  e-commerce  sites,  universities,  entertainment,  health  and  wellness,  government,  financial,  and  manufacturing  companies. 

©  2005  Foundry  Networks®,  the  Foundry  logo,  The  Power  of  Performance™,  Foundry™,  and  Biglron®  RX  Series  are  trademarks  of  2005  Foundry  Networks,  Inc. 

All  Rights  Reserved.  All  other  marks  are  trademarks  of  their  respective  owners. 


www.iss.net 


Proventia  ESP  (Enterprise  Security  Platform)  from  ISS  stops  Internet  threats  before  they  impact  your  network.  With  intrusion  prevention  and  vulnerability  assessment  products 
and  services,  Proventia  ESP  gives  you  centralized  control  and  enables  network  uptime.  Only  ISS  keeps  you  ahead  of  the  threat  with  preemptive  protection  to  suit  your  needs. 
Download  a  free  white  paper  at  www.iss.net/ESP/network,  or  call  1-800-776-2362. 
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■  SECURITY  ■SWITCHING  ■  ROUTING  if  VPNS  ®  BANDWIDTH  MANAGEMENT  SVOIP  ■  WIRELESS  LANS 


Short  Takes 


Cisco  exec  talks  mobile 


With  its  recent  IP  Interoperability 
Communication  System  launch, 
Cisco  introduced  IP  integration  for 
two-way  radio,  push-to-talk  cellular 
and  VoIP  technologies.  The  bridging 
of  first-responder  communication 
systems  during  critical  events  is  the 
first  application,  says  Cisco  Senior 
Vice  President  and  Chief  Develop¬ 
ment  Officer  Charles  Giancarlo.  But  Cisco  could  have 
bigger  plans  with  the  technology  as  part  of  its  new 
Security,  Safety  Systems  business  unit,  as  told  to 
Network  World  Senior  Editor  Phil  Hochmuth  during 
the  event  launching  the  product  last  month. 

By  giving  push-to-talk  capabilities  to  IP  devices  -  such  as  phones, 
PCs,  PDAs  and  Wi-Fi  phones  -  as  well  as  interoperability  with  cell 
phones  and  radios,  are  you  becoming  a  direct  competitor  with  ven¬ 
dors  such  as  Nextel  and  Verizon  that  offer  push-to-talk  services? 

Or  possibly  radio  vendors,  such  as  Motorola? 


Not  exactly  When  you  use  Nextel  in  the  wide-area  environ¬ 
ment, such  as  with  cab  drivers,  that  can’t  be  replaced  with 
802.1 1.  What  the  introduction  of  IP  does  in  any  industry  is  it 
allows  borders  to  shift.  Now  [wireless  push-to-talk]  vendors 
can  use  their  network  for  new  opportunities,  but  this  raises 
new  defensive  points  as  well  [for  these  vendors]  .That  will  be 
true  for  Nextel.  Simply  by  the  fact  that  Nextel  is  here  today 
[at  Cisco’s  Oct.  24  launch  of  IPICS] ,  they  see  [1PICS]  largely 
as  opening  up  opportunities  for  them,  because  it  allows 
them  perhaps  to  penetrate  more  in  the  radio  space.  But 
you’re  right  —  there  may  be  other  places  where  it  might 
make  them  somewhat  more  defensive,  such  as  within  a 
smaller  environment  where  the  customer  can  put  up  Wi-Fi 
and  basically  cover  their  push-to-talk  needs  with  a  private 
network.  Obviously  that  reduces  the  need  for  these  wide- 
area  services.  But  for  nationwide  push-to-talk  or  even  city¬ 
wide  push-to-talk,  Nextel  will  still  be  important. Wi-Fi  is  fairly 
limited,  and  you  have  to  have  control  of  the  physical  space 
to  make  sure  you  have  that  ubiquitous  coverage. 

When  entering  a  new  market,  Cisco  usually  acquires  some  comple¬ 
mentary  technology.  Do  you  see  any  areas  in  IPICS  that  could  be 

See  Cisco,  page  24 


Security  algorithms  raise  concerns 


H  Tasman  Networks  last  week  debuted 
a  new  router  line.  Tasman's  3120  Con¬ 
verged  Services  Router  includes  basic  T-1 
WAN  routing  connectivity  with  hardware- 
accelerated  services  including  IPSec 
VPN,  firewall  and  VoIP  QoS  features.  Like 
Cisco's  Integrated  Services  Routers  line, 
the  3120  integrates  these  features  in 
application-specific  hardware,  but  Tas¬ 
man  says  it  delivers  the  product  at  a  third 
to  half  the  cost  of  Cisco.  The  3120  routers 
are  designed  to  compete  with  Cisco's 
ISR  2800  and  3800  series  devices.  The 
router  comes  in  several  configurations, 
including  four,  eight  or  16  ports  of  T-1  con¬ 
nectivity,  or  single  or  dual  DS-3  port  con¬ 
figurations.  Each  device  comes  with  a 
stateful  packet  inspection  firewall  off¬ 
loaded  to  its  own  processor,  IPSec  VPN 
with  hardware-accelerated  encryption 
and  Type  of  Service  and  Class  of  Service 
traffic-prioritization  features. 

The  router's  pricing  ranges  from 
$6,400  to  $12,900,  depending  on  the 
configuration. 

■  Citrix  Systems  last  week  intro¬ 
duced  software  that  lets  end  users 
make  phone  calls  on  an  IP  phone  from 
an  interface  on  a  PC.  The  software, 
Citrix  Application  Gateway  6.0,  includes 
a  Smart  Agent  client  application  that 
lets  end  users  click  on  a  phone  number 
in  any  application  or  Web  page  and  dial 
the  number  from  a  desktop  IP  phone. 
Citrix  says  the  software  can  help  end 
users  be  more  productive  with  comput¬ 
er  telephony  integration,  without  the 
expensive  and  complicated  configura¬ 
tion  previously  required.  To  use  the  soft¬ 
ware,  users  download  and  install  the 
Smart  Agent  software  from  an  internal 
corporate  server,  This  software  inter¬ 
acts  with  the  Citrix  Application  Gate¬ 
way,  an  appliance  that  lets  corporate 
applications  be  converted  for  use  on  IP 
telephone  interfaces.  This  could  include 
data  input  applications  or  calendar  soft¬ 
ware,  with  interfaces  that  are  reduced 
for  viewing  on  an  IP  phone’s  LCD  with 
dial  pad-based  controls. 

The  Citrix  Application  Gateway  6.0 
with  Smart  Agent  works  with  IP  phones 
from  Avaya,  Cisco  and  Nortel.  It  will  be 
available  in  the  fourth  quarter  and 
starts  at  $4,000,  plus  $40  per  end-user 
license. 


BY  CARA  GARRETSON 

GAITHERSBURG,  Md.  —  Industry  experts 
agree  that  the  future  of  two  widely  used 
security  algorithms  is  fated,  but  with  no 
clear  alternatives  in  sight,  products  that  rely 
on  them  may  have  to  remain  “good 
enough”  for  some  time. 

Secure  Hash  Algorithm-1  (SHA-1)  and 
Message  Digest  5  (MD5)  were  the  topics  of 
much  discussion  at  the  National  Institute  of 
Standards  and  Technology’s  Cryptographic 
Hash  Workshop  held  last  week.  Both  are 
hash  functions  developed  in  the  early 
1990s  that  generate  unique  strings  of  values 
most  often  used  for  encrypting  and  de¬ 
crypting  digital  signatures,  and  both  have 
been  exposed  as  vulnerable  within  the  past 
year.  Products  and  services  from  compa¬ 
nies  such  as  IBM,  Adobe  and  VeriSign  rely 
on  digital  certificates  to  verify  sender  and 
receiver  identities. 

“SHA-1  is  a  wounded  fish  in  shark- 
infested  waters,  but  I’m  more  worried  about 
MD5  because  it’s  used  everywhere,”  said 
Niels  Ferguson, a  cryptographer  with  Micro¬ 
soft.  “Try  to  switch  away  from  SHA-1  as 


quickly  as  you  can,  but  switch  away  from 
MD5  first,”he  said, when  asked  what  his  rec¬ 
ommendations  were. 

About  a  year  ago,  “collisions”  with  MD5 
came  to  light.  Collisions  occur  when  two 
messages  have  the  same  hash  value,  which 
compromises  the  authentication  of  the 
messages.  In  February  similar  findings  were 
unveiled  regarding  SHA-1 .  In  the  latter  case, 
the  collision  was  not  actually  performed, 
but  research  scientists  at  a  Chinese  univer¬ 
sity  highlighted  the  vulnerability  by  de¬ 
scribing  how  such  an  occurrence  could  be 
constructed. 

Because  actual  collisions  have  occurred 
with  MD5,  many  presenters  at  the  confer¬ 
ence  dismissed  the  algorithm  as  compro¬ 
mised.  Ferguson  told  the  story  of  a  man  in 
Australia  who  was  fighting  a  traffic  violation 
in  court  and  argued  that  the  evidence 
against  him  was  invalid  because  the  traffic 
camera  used  MD5,  which  is  considered  a 
broken  algorithm.The  judge  threw  the  case 
out,  Ferguson  said. 

Much  of  the  conference’s  discussion 
focused  on  potential  fixes  or  replacements 


for  SHA-1,  but  one  presenter  warned  that 
new  hash  functions  won’t  emerge  for  a 
while.“SHA-l  needs  to  be  replaced,  but  that 
replacement  isn’t  known  yet,  and  it’s  going 
to  take  years  to  develop,”  said  Steven  Bello- 
vin,  a  professor  at  Columbia  University 

In  the  meantime,  debate  continues  over 
whether  SHA-1  should  still  be  used  at  all. 
Participants  in  the  recommendations 
panel  agreed  that  users  should  not  in¬ 
clude  SHA-1  in  new  projects,  but  that  con¬ 
tinued  use  of  existing  products  may  be 
unavoidable. 

As  members  of  the  audience  pointed  out, 
hardware  and  software  will  need  to  be  up¬ 
dated  with  new  or  enhanced  algorithms  re¬ 
placing  SHA-1,  which  is  time-consuming 
and  expensive.  Users  also  need  to  be  con¬ 
vinced  to  migrate  to  products  that  use  new 
algorithms,  which  can  take  years  to 
achieve. 

“It’s  practical  to  continue  to  use  SHA-1, 
but  be  very  aware  and  do  a  lot  of  planning 
for  the  next  algorithm,”  said  Jamas  Ran¬ 
dall,  manager  of  cryptographic  algorithms 
and  standards  at  RSA  Security.  ■ 
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DM  TRANSFORMED  INTO  PEDIATRIC  CLINIC.  Bumrungrad  Hospital,  Southeast 
Asia's  largest  healthcare  facility,  created  a  kid-friendly  pediatric  clinic  oi  of  a  10,000-square-foot 
medical  records  unit.  How?  An  ultra-scalable,  4-way  Inte  Xeon  processor-based  system 
improved  data  reliability  and  made  records  paperless.  Read  more  about  Bumrungrad  Hospital’s 
experien  e  with  Intel  built  in  at  intel.com/builtin. 
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Stacked  LAN  switches: 
Measuring  performance 


TOLLY  ON  TECHNOLOGY 

Kevin  Tolly 


As  we  close  in  on  2006,  LAN 
switching  has  been  a  part  of 
enterprise  networks  for  years. 
Typically,  as  technology  matures 
the  focus  moves  away  from 
“speeds  and  feeds”  to  other  areas. 
Although  many  switches  boast 
impressive  features  in  areas  such 
as  QoS,  virtual  LANs  and  availabil¬ 
ity  raw  throughput  never  leaves 
the  scene. 

With  sophisticated  stackables 
now  on  the  market,  vendors  are 
anxious  to  prove  their  stackable 
switching  prowess.  Therein  lies 
the  problem:  How  does  one  mea¬ 
sure  this? 

Historically,  high-performance, 
high-density  switches  have  been 
delivered  in  chassis-based  plat¬ 
forms  populated  with  multiple 
blades  of  switch  ports.Traffic  mov¬ 
ing  from  ports  on  one  blade  to  a 
port  (or  ports)  on  any  other  blade 
pass  across  the  fabric  or  back¬ 
plane  of  the  switch.  Not  only  is 


this  processing  invisible  to  the 
end  user,  it  is  also  invisible  to  stan¬ 
dard  test  tools  such  as  those 
offered  by  Spirent,  Ixia,  Shenick 
and  others. 

Industry  throughput  metrics 
have  evolved  around  measuring 
the  traffic  that  goes  into  and  out  of 
user  ports.  Any  measurement  of 
the  backplane  capacity  has  to  be 
extrapolated  from  those  results  — 
and  often  requires  fairly  in-depth 
knowledge  of  the  chassis  vendor’s 
backplane  architecture. 

Now,  stackable  switches  can  be 
deployed  in  high-density  configu¬ 
rations  of  300  ports  or  more  of 
Gigabit  Ethernet.  With  such  con¬ 
figurations,  the  stacking  technol¬ 
ogy  becomes  an  integral  part  of 
the  system  and  an  area  of  great 
concern.  If  the  architecture  or  im¬ 
plementation  can’t  deliver  high 
throughput,  the  entire  stack 
could  suffer. 

In  essence,  the  stacking  mecha¬ 
nism  serves  as  an  external  back¬ 
plane.  In  a  configuration  consist¬ 
ing  of  several  hundred  switch 
ports  in  a  stack,  it  is  likely  that  sig¬ 


nificant  amounts  of  traffic  will  tra¬ 
verse  the  stackable  links.While  the 
individual  switches  are  probably 
wire-speed,  the  prudent  network 
architect  will  want  to  understand 
the  performance  levels  offered 
across  the  stacking  mechanism. 

Ideally,  that  external  backplane 
should  offer  the  same  level  of  per¬ 
formance  as  a  top-notch  back¬ 
plane  on  a  chassis-based  switch 
—  that  is,  wire-speed.  Put  another 
way,  if  each  individual  switch  is 
capable,  say  of  24G  bit/sec,  you 
would  want  a  stack  of  10  to  be 
able  to  push  as  close  to  240G 
bit/sec  as  possible  for  traffic 
directed  across  the  stacking  ports. 

Because  most  switches  are  built 
with  Gigabit  Ethernet  port  counts 
as  multiples  of  12,  and  most  stack¬ 
ing  approaches  use  multiples  of 
10G  Ethernet  for  the  stacking 
links,  you  are  not  likely  to  get  a 
perfect  match  —  but  the  closer 
the  better. 

Which  leads  to  the  challenge: 
How  do  we  characterize  and  re¬ 
port  performance  across  the 
stacking  mechanism?  The  easy 


way  would  be  to  add  this  number 
to  the  traditional  port-to-port  mea¬ 
surement  and  call  the  whole  thing 
throughput.  But  this  blurs  what  is 
being  reported  and  confuses  the 
issue.  Doing  it  this  way,  a  switch 
stack  with  200  ports  could  be  ad¬ 
vertised  to  have  “400G  bit/sec 
throughput.”  Aside  from  the  obvi¬ 
ous  question  of  how  400  Gigabit 
Ethernet  devices  can  be  hooked 
up  to  200  physical  ports,  such  a 
characterization  offers  nothing. 

At  The  Tolly  Group,  we’ve  adopt¬ 
ed  the  term  “stackable  switching 
capacity”  to  describe  the  aggre¬ 
gate  of  throughput  when  we’re 
measuring  not  only  what  flows  in 
and  out  of  the  user  ports,  but  also 
the  traffic  that’s  flowing  across 
the  interswitch  stacking  ports. 

So  pay  attention  to  both  sets  of 
numbers  when  evaluating  stack- 
able  switch  solutions. 

Tolly  is  president  of  The  Tolly 
Group ,  a  strategic  consulting  and 
independent  testing  company  in 
Boca  Raton,  Fla.  He  can  be 
reached  at  ktolly@tolly.com. 


Start-up  hits  market  with  IDS  package 


BY  ELLEN  MESSMER 

Start-up  CounterStorm  last  week  unveiled  Counter- 
Storm-1,  a  security  appliance  that  protects  network 
resources  early  on  in  an  attack  by  shutting  down  net¬ 
work  access. 

First  strike,  or  zero-day  attacks  from  worms  or 
viruses  can  succeed  by  exploiting  a  vulnerability  or 
lack  of  user  awareness  while  the  security  industry  is 
analyzing  the  new  attack  to  design  a  specific  defense 
—  which  is  frequently  based  on  a  threat  signature  — 
against  it. 

CounterStorm  says  its  security  appliance  uses 
behavior-  and  anomaly-based  detection  rather 
than  signature-based  methods  to  identify  an 
attack.  CounterStorm’s  competition  includes  Lan- 
cope  and  Mazu  Networks,  whose  intrusion-pre¬ 
vention  systems  (IPS)  also  analyze  traffic  behavior  and  focus  on 
internal  security. 

“CounterStorm-1,  which  plugs  into  any  network  switch,  passively  mir¬ 
rors  traffic,  and  its  goal  is  to  stop  network  attacks  immediately  says  Gil 
Arbel.CEO  with  the  firm. 

As  a  passive  monitor,  CounterStorm-1  doesn’t  sit  in-line  to  directly 
block  network  traffic  as  some  IPSs  do.  Instead,  it  thwarts  an  attack  such 
as  a  worm  outbreak  by  automatically  disabling  the  port  of  an  infected 
device  or  segmenting  traffic  on  a  virtual  LAN  (VLAN).  CounterStorm-1 
appliances,  deployed  at  LAN  segments,  report  back  to  a  management 
center  appliance. 


The  company  is  a  spin-off  of  Columbia  University-based  research  conducted  in  the  university's 
advanced  technology  center  of  the  computer  science  department. 

Matt  Miller,  vice  president  of  engineering,  says  CounterStorm’s  intru¬ 
sion-detection  method  was  developed  at  Columbia  University’s  ad¬ 
vanced  research  labs  with  encouragement  from  the  Department  of 
Defense.The  start-up  has  received  more  than  $1  million  in  funding  from 
the  Department  of  Homeland  Security  and  expects  to  soon  announce 
private-equity  funding  as  well. 

CounterStorm  says  its  gear  is  being  used  by  10  customers,  including 
Fortune  1000  companies  and  a  few  government  agencies,  which  it 
wouldn’t  name. 

The  cost  of  deploying  CounterStorm-1  ranges  from  $75,000  to 

$1 00,000.  ■ 


Profile:  CounterStorm 


Location: 

New  York 

Founded: 

2001 

v  mi  nAiionniiAP 

MJj  Pul  oUllllula 

Gil  Arbel,  CEO;  Matt  Miller,  vice  president  of  engineering;  Salvatore  Stolfo,  chief  science  adviser. 

Funding: 

$1.5  million  in  Small  Business  Innovation  Research  grants  from  the  U.S.  Department  of 
Homeland  Security. 

Employees: 

20 

Product: 

GounterStorm-1,  security  appliance  to  detect  and  thwart  zero-day  attacks  by  closing  off 
device  network  access. 

Fun  fact; 


Cisco 

continued  from  page  21 

shored  up  via  an  acquisition? 

Always  possible.  I  can’t  say 
there  is  anything  fundamentally 
missing  now  for  which  we  are 
envisioning  an  acquisition.  But 
that  could  change  in  three 
months,  so  I  don’t  want  to  mis¬ 
lead  you  on  that  either. 
Obviously,  integration  into  other 
media  types  is  going  to  be 
important  as  we  go  forward. 
Integration  [of  IPICS]  into  data¬ 
base  systems  will  be  important 
as  well,  as  we  think  about  tap¬ 
ping  into  video  and  sensor  sys¬ 
tems  [for  example,  environmen¬ 
tal  monitoring,  detection  and 
physical  security]  .We  think  that 
is  pretty  important.  I  see  us 
working  with  the  primary  radio 
vendors  but  not  really  going 
into  that  part  of  the  business. 
We’re  not  going  to  sell  radios. 

IPICS  does  not  directly  compete  with 
radio  or  push-to-talk  vendors,  so  how 
are  you  defining  the  market  it's  in? 

We’re  still  evaluating  what  we 
think  will  be  the  potential  for 
this  market.  It’s  a  little  bit  diffi¬ 
cult  to  gauge  at  this  early  phase. 
Even  though  we  know  what  the 
market  is  for  radios  on  an  ongo¬ 
ing  basis  and  we  know  what  the 
installed  base  is,  a  large  amount 
of  the  size  of  this  market  is 
going  to  depend  on  the  speed 
at  which  this  type  of  solution  is 
adopted,  and  that’s  hard  to 
gauge  at  this  point. 

The  name  of  the  new  business  unit 
-  Security,  Safety  Systems  - 
implies  it  will  reach  beyond  just 
radio  interoperability.  Where  else 
might  this  technology  go? 

We  do  think  that  [facility- 
based]  security  systems  have 
been  largely  proprietary  so  far. 
When  I  say  proprietary,  I  mean 
down  to  the  wires  themselves, 
the  signals  on  the  wires  have 
been  proprietary. Video  has 
been  primarily  analog  video. 
We  do  think  that  IP  and  Pbwer 
over  Ethernet  can  be  extended 
into  these  environments.  ■ 


nww.com 

Get  the  full  story 

Read  the  unabridged  version  of  our 
interview  with  Cisco’s  Charles  Giancarlo. 

DocFinder:  9631 


73%  of  the  FORTUNE  100®  and  76% 
of  the  European  100  compared  business 
collaboration  providers  and  came  to 
a  single  conclusion. 


Obviously,  great 
minds  think  alike. 


Many  of  the  world's  most  successful  organizations  rely  upon  Sterling  Commerce  to  automate  their  business 
processes,  so  they  can  exchange  critical  information  with  their  trading  partners,  subsidiaries  and  customers. 
Reliably.  Securely.  And  regardless  of  the  application  being  used.  Sterling  Commerce  delivers  the  first  platform  to 
meet  all  the  complex  challenges  of  real-world  multi-enterprise  collaboration.  Find  out  what  so  many  companies 
already  know.  Speak  to  a  Sterling  Commerce  representative  today.  Or  visit  www.sterlingcommerce.com 

BUSINESS  APPLICATIONS  /  BUSINESS  INTEGRATION  /  BUSINESS  INTELLIGENCE  /  BUSINESS  PROCESS  MANAGEMENT  /  SOLUTION  DELIVERY 
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company.  FORTUNE  is  a  registered  mark  of  Time  Inc. 
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SUSE™  LINUX 
Enterprise  Server 


Define  Your  Open  Enterprise.™ 


What  does  Open  mean  to  you?  Community?  Security?  Risk? 
Reward?  Can  it  leverage  legacy  systems?  Consolidate  and 
simplify?  Do  you  believe  in  its  power  and  potential? 

Introducing  Novell®  software  for  the  open  enterprise™ — 
the  only  software  that  makes  Open  work  for  you.  From 
desktop  and  data  center  to  identity  management,  resource 
management  and  collaboration,  our  flexible  combination  of 
open  source  and  commercial  software  delivers  more  than 


you  ever  imagined.  The  power  to  automate  IT  asset 
management.  Freedom  from  single  vendor  lock-in.  Security 
that  keeps  the  right  information  safe  and  the  right  people 
informed.  And  the  ability  to  connect  people  to  performance 
and  business  to  possibilities.  So  you  can  build  an  open 
enterprise  that  makes  sense  for  you  —  and  your  future. 
This  is  Novell  software  for  the  open  enterprise.  The 
Open  you’ve  wanted  all  along. 


Novell 

This  is  your  open  enterprise." 

www.novell.com 


Copyright  ©  2005  Novell.  Inc.  All  Rights  Reseived.  Novell,  the  Novell  logo,  ZENworks  and  GroupWise  are  registered  trademarks;  SUSE. 
This  is  your  open  enterprise.  Software  lor  the  open  enterprise  and  Define  your  open  enterprise  are  trademarks  ol  Novell.  Inc.  in  the 
United  States  and  other  countries.  All  third-party  trademarks  are  the  property  ol  their  respective  owners. 


Buy  nothing 
now.  Learn 
howto 
buy  even 
less  later. 


No  commitments.  No  obligations.  A  half  hour  is  all  we  need  to 
demonstrate  how  Pillar  Axiom™  drives  down  networked  storage 
costs.  By  combining  SAN  and  NAS  into  one  system,  it  dramatically 
reduces  administration  and  support.  With  top-tier  performance  and 
scalability  on  a  single  software  license,  it  eliminates  unexpected 
fees.  And  because  our  storage  system  can  often  be  installed  for  less 
than  some  companies'  storage  maintenance  budgets,  it  can  really 
save  on  the  bottom  line. 

You've  got  nothing  to  lose  and  everything  to  gain  by  hearing  our 
honest  approach  to  networked  storage.  Call  1-877-252-3706 
to  schedule  a  briefing  or  visit  www.pillardata.com/less 


©  2005  Pillar  Data  Systems  Inc.  All  rights  reserved.  Pillar  Data  Systems,  Pillar  Axiom, 
and  the  Pillar  logo  are  all  trademarks  of  Pillar  Data  Systems. 


Learn  the  truth  about  networked  storage. 

Get  your  FREE  subscription 
to  AXIOM  Journal 
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HP  Itanium 


blade  upstages  processor 


Today  HP  ships  blades  with  cooler-run¬ 
ning  x86  chips  from  Intel  and  AMD. 
Initially,  HP  had  said  its  forthcoming 
Itanium  blade,  which  can  run  up  to  1.6 
GHz  with  a  3-MB  cache,  would  require  a 
separate  chassis  because  of  cooling 
demands,  but  the  company  says  the  BL60p 
can  fit  into  the  same  chassis  as  HP’s  other 
blades.  As  many  as  eight  blades  can  fit  into 
each  BladeSystem  chassis. 

Blades,  which  are  thin  systems  that  slide 
side  by  side  into  a  chassis  like  books  in  a 
bookshelf,  are  an  exploding  segment 
of  the  server  market,  as  corporate  buyers 
turn  to  these  systems  for  data-center 
consolidation. 

While  blade  server  sales  accounted  for 
only  4%  of  the  overall  server  market,  dollars 
spent  on  blades  grew  88%  in  the  second 
quarter  compared  to  the  same  period  a 
year  ago,  according  to  IDC.  IBM  leads  the 
blade  server  market,  although  No.  2  HP 
hopes  the  introduction  of  its  Itanium  blade 
will  narrow  the  gap. 


NEC  introduced  an  Itanium  blade  last 
year,  but  HP  is  the  first  Tier  1  systems  vendor 
to  offer  a  blade  based  on  Intel’s  64-bit  chip. 
HP  developed  Itanium  with  Intel  and  con¬ 
tinues  to  be  its  strongest  backer. 

IBM  also  sells  a  Unix  blade,  but  it  is  based 
on  its  lower-power  PowerPC  chip,  rather 
than  its  Power5  processor.  In  addition,  IBM 
highlights  the  blade’s  Linux  support,  while 
the  BL60p  is  aimed  at  HP-UX  workloads. 
Support  for  Linux  and  Windows  is  expect¬ 
ed  next  year,  HP  says. 

“The  IBM  JS20  and  [the  BL60p]  really 
have  different  design  points.  The  JS20  is 
lower  power  and  cheaper,  but  in  aggregate 
it  can  be  very  powerful,”  says  Gordon  Haff, 
an  analyst  at  Illuminata.  “HP’s  blade  ...  is 
more  oriented  toward  commercial  work¬ 
loads.” 

The  appeal  of  blade  servers  is  that  they 
enable  users  to  consolidate  hardware,  as 
well  as  cabling  and  storage,  because  the 
servers  share  a  backplane,  Haff  says. 

“Now  customers  won’t  have  to  have  an 


HP-UX  rack-mount  system  and  then  a  blade 
chassis  of  Linux  or  Windows  servers  in  a 
mixed  environment,” he  says.“This  really  lets 
somebody  have  a  complete  blade  environ¬ 
ment  that  could  include  x86-based  Web 
servers,  for  example,  and  a  database  run¬ 
ning  on  HP-UX.” 

Also  last  week,  IBM  upgraded  its  four- 
processor  xSeries  servers  with  the  latest 
dual-core  Xeon  chip  from  Intel.  The  chip, 
formerly  code-named  Paxville  MP  runs  at 
speeds  as  high  as  3.0  GHz  and  has  a  667- 
MHz  front-side  bus. 

IBM’s  updated  xSeries  460,  aimed  at  large 
databases  and  server  consolidation,  scales 
to  32  processors  and  is  expected  to  be 
available  this  month.  The  xSeries  366  is 
aimed  at  corporate  applications  and  server 
consolidation  and  also  is  expected  to 
begin  shipping  this  month. 

Both  servers  are  built  using  IBM’s  X3  archi¬ 
tecture,  which  brings  mainframe-like  relia¬ 
bility  and  virtualization  capabilities  to 
Xeon-based  systems.  ■ 


Serving  it  up 

Systems  vendors  dish  up  their  latest  Intel-based  wares. 


HP  BL60p 
blade  server 


Server 

Chip 

Features 

Price  Availability 

IBM  4-processor  xSeries  460 

Dual-core  64-bit  Xeon 

Uses  custom  X3  architecture  to  bring  mainframe- 
like  capabilities;  able  to  scale  up  to  a  32-way  system. 

Starting  at  $21,000  November 

IBM  4-processor  xSeries  366 

Dual-core  64-bit  Xeon 

Uses  X3  architecture,  optimized  for  enterprise 
applications,  such  as  databases  and  ERP. 

Starting  at  $10,000  November 

HP  BL60p 

Itanium  2 

_ 

First  blade  server  to  support  HP-UX. 

_ 

Starting  at  $5,700  for  single  1.6-  January 

GHz  Itanium  2  processor 

Novell  to  lay  off  10%  in  restructuring 


BY  JENNIFER  MEARS 

Despite  a  setback  in  Intel’s  processor 
road  map  that  delays  the  introduction  of 
its  dual-core  Itanium  processor  and  rejig¬ 
gers  its  plans  for  Xeon,  systems  vendors 
continue  to  update  their  Intel-based  offer¬ 
ings.  Last  week,  HP  unveiled  its  long-await¬ 
ed  Itanium  blade,  and  IBM  was  one  of  sev¬ 
eral  vendors  to  announce  servers  built  on 
dual-core  Xeons  for  systems  with  four  or 
more  processors. 

The  new  BL60p  blade  enables  HP  cus¬ 
tomers  for  the  first  time  to  run  the  com¬ 
pany’s  HP-UX  Unix  operating  system  in  a 
blade  form.  It  can  be  ordered  now  for  an 
expected  January  shipment  starting  at 
$5,700. 


Short  Takes 


ADIC  and  Sun  last  week  separately 
announced  tape  automation  prod¬ 
ucts.  ADIC  launched  the  Scalar  i500, 
a  midrange  tape  library  that  scales 
to  18  limited-tape  open  drives  and 
404  tapes  for  a  total  capacity  of 
more  than  323T  bytes.  The  i500  has 
support  for  the  Storage  Manage¬ 
ment  Interface  Specification,  which 
the  company  says  makes  the  back¬ 
up  system  easier  to  manage.  It  uses 
a  single-tape  robot  across  all  mod¬ 
ules  to  ease  scalability.  The  Scalar 
i500  comes  in  5U,  14U  and  23U  ver¬ 
sions,  which  can  be  rack-mounted  or 
free-standing.  They  support  from  one 
to  18  drives  and  between  36  and  505 
tapes.  The  i500  is  expected  to  be 
available  this  month;  pricing  informa¬ 
tion  is  not  yet  available.  Sun 
announced  theTIOOOO  Enterprise 
Tape  Drive,  which  has  a  throughput 
rate  of  120M  bytes  per  second  and  a 
capacity  of  500G  bytes  uncom¬ 
pressed  or  IT  byte  of  compressed 
data  on  a  single  cartridge.  It  has 
Fibre  Channel  and  FICON  connectivi¬ 
ty.  The  T 10000  offers  encryption  at 
the  drive  level,  ensuring  data  protec¬ 
tion.  It  is  expected  to  be  available 
this  month  starting  at  $37,000  for  the 
Fibre  Channel  model  and  $44,000  for 
the  FICON  model. 


BY  STEPHEN  LAWSON,  IDG  NEWS  SERVICE 

Novell  will  eliminate  about  600  jobs,  or 
more  than  10%  of  its  workforce,  as  part  of  a 
restructuring  in  which  the  company  will 
refocus  on  Linux  and  open  source  opportu¬ 
nities  and  the  identity  and  resource  man¬ 
agement  markets. 

The  Waltham,  Mass.,  software  vendor 
plans  to  complete  the  restructuring  in  the 
first  quarter  of  its  2006  fiscal  year,  which  will 
end  Jan.  31,  according  to  a  company  state¬ 
ment. 

The  restructuring  will  result  in  an  estimat¬ 
ed  charge  of  $30  million  to  $35  million  in 


the  company’s  fiscal  2005  fourth  quarter, 
which  ended  Oct.  31,  but  it  will  cut  expens¬ 
es  by  more  than  $110  million  per  year, 
Novell  said. 

Novell  also  moved  toward  a  possible  spin¬ 
off  of  its  consulting  subsidiary  Celerant.  Its 
board  authorized  Novell  management  and 
the  company’s  financial  adviser,  Citigroup 
Corporate  and  Investment  Banking,  to 
explore  strategic  alternatives  for  Celerant. 

Celerant’s  business  is  “non-core”  to  Novell, 
said  Ron  Hovsepian,  Novell’s  new  president 
and  COO,  in  an  interview  before  the  com¬ 
pany’s  announcements.  He  emphasized 


that  the  company  isn’t  planning  to  sell  its 
GroupWise  collaboration  software  or  its 
ZenWorks  resource  management  software. 

In  its  most  recent  financial  report, 
released  Aug. 25,  Novell  reported  poor  third- 
quarter  results,  with  net  income  plummet¬ 
ing  91%  to  $2.1  million  and  revenue  falling 
4.7%  to  $290.2  million  compared  to  the 
third  quarter  the  year  before.  As  of  last 
Thursday,  Novell  had  not  said  when  it 
would  report  its  year-end  figures. 

China  Martens  of  the  IDG  News  Ser¬ 
vice  contributed  to  this  report. 
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insurance  comes  to  open  source 

Three  organizations  join  to  unveil  first  policy  to  protect  sellers  and  users  of  open  source-based  products. 


BY  CHINA  MARTENS,  IDG  NEWS  SERVICE 

Three  organizations  are  teaming  up  to 
offer  what  they  say  is  the  first  insurance  pol¬ 
icy  for  open  source  compliance  to  provide 
coverage  for  companies  worldwide  that  sell 
products  incorporating  open  source  soft¬ 
ware  or  use  it  on  their  networks. 

The  three  organizations  are  Open  Source 
Risk  Management  (OSRM),a  risk-mitigation 
consultancy;  a  Lloyds  of  London  under¬ 
writer  called  Kiln;  and  Miller  Insurance 
Services,  a  Lloyd’s  broker. 

The  policy  will  be  called  Open  Source 
Compliance  Insurance,  and  it  will  initially 
offer  maximum  coverage  of  $10  million, 
according  to  OSRM  CEO  Daniel  Egger.  A 
company  signing  up  for  the  policy  will  be 
reimbursed  if  it  is  determined  to  have  suf¬ 
fered  a  direct  loss  because  software  it  uses 
or  sells  was  found  not  to  be  in  compliance 
with  specific  open  source  license  agree¬ 
ments. 

The  definition  of  a  direct  loss  includes 
any  revenue  loss  a  company  might  incur  in 
relation  to  a  product  containing  noncom- 
pliant  open  source  software.  Another  defin¬ 
ition  of  a  direct  loss  relates  to  any  potential 
negative  impact  the  discovery  of  noncom- 
pliant  open  source  software  may  have  on 
the  value  of  a  company’s  impending  merg¬ 
er  or  acquisition,  Egger  said  in  a  recent 
interview. 

OSRM  will  act  as  the  exclusive  worldwide 


Cost  of  coverage 

Based  on  a  customer's  risk  profile, 

$10  million  of  Open  Source  Com¬ 
pliance  Insurance  will  cost  about 
$200,000  in  premiums  on  an  annual 
basis.  Some  clients,  especially 
smaller,  venture-backed  software 
companies,  may  not  require  as 
much  coverage. 

risk  assessor  and  adviser  for  the  new  insur¬ 
ance  policy  according  to  Matthew  Hogg, 
intellectual-property  underwriter  at  Kiln. 

OSRM  has  a  team  of  five  people  who 
carry  out  an  open  source  license  compli¬ 
ance  review  of  a  company’s  software.  This 
initial  risk  assessment  costs  between 
$25,000  and  $50,000,  Egger  says. 

OSRM  then  reports  to  Kiln  about  the  find¬ 
ings  of  the  review,  and  after  establishing  the 
company’s  risk  profile,  draws  up  the  insur¬ 
ance  policy  “The  review  firms  up  the  facts 
that  we’ve  looked  at  it  and  believe  in  the 
position,”  Hogg  says.“The  buck  [then]  stops 
with  the  insurance  company’ 

In  its  compliance  review,  OSRM  uses  its 
Silhouette  methodology.  Egger  says 
OSRM’s  approach  to  determining  a  com¬ 
pany’s  compliance  differs  from  the  com¬ 
pliance-assessment  services  offered  by 


Black  Duck  Software  and  Palamida.“We’re 
not  in  competition  with  them,”  he  says. 
“They’re  about  the  cut  and  pasting  [of 
open  source  software];  we’re  about  the 
links  [of  open  source  software]  into  a 
company’s  software.” 

License  compliance  can  depend  on  what 
level  a  proprietary  application  is  calling 
into  or  linking  to  an  open  source  piece  of 
software,  he  adds.  The  lower  a  link  into,  say 
the  kernel  of  the  open  source  Linux  operat¬ 
ing  system,  the  more  likely  the  potential  for 
noncompliance  with  licenses. 

Assessing  compliance  involves  some  gray 
areas,  Egger  says.  For  instance,  one  key  area 
hotly  debated  in  open  source  circles  is  how 
licenses  cover  software  distribution,  partic¬ 
ularly  in  relation  to  Web  services.  Further, 
what  some  individuals  consider  fine  behav¬ 
ior  in  relation  to  using  an  open  source 
license,  others  dispute.  Kiln  will  take  on 
those  risks  for  policyholders,  he  says. 

OSRM, Kiln  and  Miller  have  not  been  pre¬ 
selling  the  insurance  policy,  but  Egger  says 
he  expects  to  announce  the  first  customer 
for  the  policy  shortly. 

Over  the  next  three  to  four  years,  Egger 
says  he  expects  Global  2000  companies  to 
have  clear  policies  and  procedures  in 
place  about  how  to  deal  with  open  source 
software.  Many  companies  are  starting  to 
realize  they  may  have  a  problem  with 
open  source  licenses  and  are  beginning  to 


educate  their  developers. 

“It  has  been  a  long  time  coming,”  says 
Michael  Goulde,  senior  analyst  with 
Forrester  Research,  alluding  to  the  time 
OSRM  has  taken  to  go  public  with  the 
insurance  policy  first  talking  up  the  idea  in 
March  2004.  Egger  says  that  completing 
the  policy  has  proved  a  complicated 
undertaking. 

“The  policy  is  somewhat  limited  com¬ 
pared  to  the  broader  needs  customers  have 
to  get  assurance  against  any  potential  lia¬ 
bilities,”  Goulde  says.  However,  the  policy 
will  probably  whet  customers’  appetites  for 
different  types  of  insurance  policies  to 
cover  their  software.  The  key  thing  is  for 
OSRM  and  its  partners  to  accurately 
explain  to  customers  what  the  new  policy 
covers,  he  says.  ■ 
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Power  Protection  is  No  Longer  Invisible 
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You  know  you’re  well  protected  because  you  can  see  Tripp  Lite’s  new  Digital  UPS  Systems  in  action! 


LCD  display  shows  power  conditions  in  real  time  and  actions 
the  UPS  is  taking  to  correct  power  problems 


Low  Voltage  Conditions  Blackout  Conditions 


Other  Features  Include... 

•  2.2  GHz  coaxial  surge  protection  on  select  models 
safeguards  digital  and  high-speed  broadband  connections 
while  reducing  signal  loss 

•  Versatile  cabinet  adapts  to  tower  and  rackmount  (2U) 
applications — LCD  rotates  for  easy  viewing  in  either  position 

•  Automatic  Voltage  Regulation  (AVR),  tet/DSL  surge 
protection  options,  USB  port,  FREE  software  and  up  to 
$250,000  Ultimate  Lifetime  Insurance 


Free  Tripp  Lite  Digital  UPS  System 

Register  for  a  chance  to  win  a  FREE  SMART1000LCD 
UPS  System  in  a  Tripp  Lite  product  drawing. 

Be  one  of  the  first  people  to  own  the  most  revolutionary 
UPS  on  the  market! 

Go  to:  www.tripplite.com/WINnetwork 
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Today,  Bob  rebooted  servers  in  San  Diego, 
fixed  a  network  in  Albuquerque  and  watched 
his  son  earn  bragging  rights  in  Dallas. 


With  Avocent  data  center  management  solutions,  the  world  can  finally  revolve  around  you.  Avocent  puts 
secure  access  and  control  right  at  your  fingertips  -  from  multi-platform  servers  to  network  routers,  remote  data 
centers  to  field  offices.  You  can  manage  everything  from  a  single  screen,  from  virtually  anywhere.  This  means  you  can 
troubleshoot,  reboot  or  upgrade  your  data  center  devices  -  just  as  if  you  were  sitting  in  front  of  them.  Avocent 
simplifies  your  workday.  What  you  do  with  the  extra  time  is  up  to  you. 
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32  *  www.networkworld.com  •  11.7.05 


Pooled  storage  cited  in  improved  mgmt 

Early  network-attached  storage  virtualization  adopters  also  find  disaster  recovery,  cost  benefits. 


BY  DENI  CONNOR 

or  Ibis  Consulting,  network-attached 
storage  had  turned  into  too  much  of 
a  good  thing. With  the  amount  of  data 
on  its  NAS  devices  hitting  200T  bytes, 
accessing  files  and  managing  the  environ¬ 
ment  had  become  unwieldy,  says  Cliff 
Dutton,  executive  vice  president  and  CTO 
at  the  Providence,  R.I.,  company  that  spe¬ 
cializes  in  electronic  discovery  and  com¬ 
pliance  matters. 

”We  don’t  know  in  advance  how  much 
disk  space  to  allocate  to  a  customer’s 
project,  so  we  wanted  to  have  more 
dynamic  allocation  of  the  [disk  space] 
than  what  was  possible  with  direct  man¬ 
agement  of  the  NAS  device,”  Dutton  says. 
“We  would  have  to  reconfigure  the  NAS 
device  manually  —  that  takes  a  lot  of  IT 
labor.” 


To  address  the  problem,  Ibis  has  turned 
to  virtualization,  a  technology  that  a  grow¬ 
ing  number  of  NAS  customers  are  adopt¬ 
ing.  A  recent  survey  from  Peripheral 
Concepts  and  Coughlin  Associates  of 
2,111  storage  customers  shows  that  16% 
have  virtualized  their  NAS  environments 
and  the  number  will  triple  in  the  next  12 
months. 

At  the  sites  surveyed,  data  is  growing  at 
60%  a  year,  Peripheral  Concepts  says. 

“Managing  this  high  number  of  dis¬ 
crete  file  systems  and  dealing  with  addi¬ 
tions,  changes  and  migrations  has 
proven  to  be  a  very  difficult  and  time- 
consuming  task,”  says  Farid  Neema, 
senior  analyst  for  Peripheral  Concepts. 
“By  creating  a  single  logical  view  across 
multiple  NAS  systems,  NAS  virtualization 
addresses  the  scaling,  performance  and 
management  problems  that  plague  NAS 
today” 

What's  available 

NAS  virtualization  offerings  come  in 


the  form  of  appliances  and  software.The 
products  aggregate  individual  file  sys¬ 
tems  on  NAS  boxes  or  file  servers  into  a 
common  pool,  called  a  global  name- 
space,  that  can  be  managed  from  a  sin¬ 
gle  point. 

The  namespace  is  a  logical  layer  that 
sits  between  clients  and  file  systems, 
aggregates  heterogeneous  file  systems 
and  presents  them  to  users  and  applica¬ 
tions  in  a  single,  logical  view. 

NAS  virtualization  products  are  available 
from  a  mix  of  established  and  new  com¬ 
panies.  EMC,  for  example,  bought  NAS  vir¬ 
tualization  appliance  company  Rainfinity 
and  Network  Appliance  last  spring  intro¬ 
duced  the  V-Series  appliance,  which  han¬ 
dles  NAS  and  storage-area  network  (SAN) 
virtualization. 

Network  Appliance  says  it  will  use  its 


Spinnaker  Networks  acquisition  in  the  first 
half  of  next  year  to  enable  its  Data  ONTAP 
operating  system  to  span  several  V-Series 
appliances  in  such  a  way  that  they  can  be 
managed  as  one. 

Start-ups  get  involved 

A  host  of  start-ups  also  has  entered  the 
market.  These  include  1  Vision  Software, 
Acopia  Networks,  Attune  Systems,  Neo¬ 
path  Networks  and  NuView.  Except  for 
NuView  and  lVision,  these  companies 
offer  appliances  that  sit  on  the  network 
and  act  as  gateways  to  collect  file-system 
information  from  individual  NAS 
devices  and  present  it  as  a  single  virtual 
file  system. 

NuView’s  implementation,  StorageX, 
resides  on  a  Windows  file  server  and 
manages  and  aggregates  Microsoft  Com¬ 
mon  Internet  File  System  and  Unix/Linux 
Network  File  System  files.  Network 
Appliance  has  an  OEM  agreement  with 
NuView  for  its  StorageX  technology, 
which  Network  Appliance  sells  as  the 


Virtual  File  Manager. 

Ibis  bought  two  NAS  virtualization  appli¬ 
ances  from  Acopia  and  connected  them 
to  its  Gigabit  Ethernet  network  to  intercept 
and  organize  files  stored  on  two  BlueArc 
NAS  arrays. 

Dutton  says  the  boxes  are  designed  to 
solve  a  number  of  problems.  He  had 
found,  for  example,  that  the  size  of  a  cus¬ 
tomer’s  data  set  would  often  exceed  the 
amount  of  space  allocated  for  it  and  that 
would  force  IT  to  spend  more  time  creat¬ 
ing  additional  volumes,  migrating  the 
data  to  them  and  updating  applications 
running  on  250  servers  so  they  could 
access  the  data. 

Dutton  also  needed  a  way  to  stabilize 
the  widely  swinging  utilization  of  the  two 
BlueArc  arrays,  which  store  the  data,  and 
provide  sufficient  throughput  to  the 
servers  that  accessed  the  data. 

“With  Acopia’s  ARX,  we  are  able  to  more 
evenly  distribute  data  across  the  entire 
NAS  environment  and  get  better  capacity 
utilization,” says  Dutton,  who  adds  that  the 
utilization  on  his  arrays  could  otherwise 
vary  between  10%  and  90%. “If  we  have  a 
lot  of  data  in  one  spot  in  the  NAS  array, 
and  all  of  our  servers  are  addressing  that 
one  spot,  there  is  the  possibility  of  I/O 
bottlenecks.” 

Experience  in  Texas 

Baylor  College  of  Medicine  in  Houston 
uses  Network  Appliance  V-Series  boxes  to 
virtualize  its  NAS  and  SAN  environments. 

“The  biggest  thing  was  being  able  to 
consolidate  islands  of  storage  across  the 
college,”  says  Mike  Layton,  director  of 
enterprise  services. 

“We  had  large  filers  with  localized  stor¬ 
age  that  we  could  not  grow  to  meet  our 
other  storage  needs,”  he  adds. 

Layton  says  the  school  has  been  able 
to  increase  its  storage  utilization  and 
improve  overall  storage  management. 

Baylor  has  virtualized  its  Hitachi  Data 
Systems  9980  and  9585  arrays  behind  a 
cluster  of  V-Series  appliances.  Layton 
says  he  also  has  a  number  of  Network 
Appliance  FAS980C  servers  behind  the  V- 
Series  to  serve  his  file-based  storage 
needs. 

Early  adopter  in  Georgia 

Mohawk  Industries,  a  Calhoun, Ga.,  car¬ 
pet  and  tile  maker,  is  another  early 
adopter  of  NAS  virtualization.  It  uses 


Virtually  there 

A  sampling  of  vendors  that  offer 
NAS  virtualization  products. 


Company/Product 

Type  of 
product 

Price 

lVision  Software/ 
VNAS  Module 

Software 

$700  per 
server 

Acopia/Adaptive 
Resource  Switch 

Appliance 

Starts  at 

1  $25,000 

Neopath/File 

Director 

Appliance 

i  Starts  at 
|  $30,000 

Network  Appliance/ 
V-Series 

Appliance 

I  Starts  at 

$30,000 

NuView/StorageX  Software  S2.000  per 

server 


Rainfinity  (EMC)/  j  Appliance  j  $80,000 
RainStorage 

NuView’s  StorageX  to  manage  275  NAS 
devices  and  50  file  servers  in  different 
tile  stores,  says  Leon  Verriere,  manager  of 
systems  engineering. 

With  StorageX,  he  is  able  to  consolidate 
storage  to  the  data  center  and  as  a  result, 
build  a  reliable  disaster-recovery  and 
back-up  plan. 

“The  problem  we  had  was  often  hard- 
ware-related  —  a  server  needed  to  be  re¬ 
placed,  or  a  NAS  device  would  die,” 
Verriere  says.  “The  largest  cost  savings  we 
have  from  using  StorageX  is  we  did  not 
have  to  implement  any  localized  back-up 
system  for  our  stores.” 

The  new  setup  also  is  saving  the  organi¬ 
zation  $300,000  annually,  Verriere  says.  He 
has  reduced  the  number  of  IT  staff  that 
manages  NAS  from  four  or  five  full-time 
people  to  two  part-timers.  ■ 
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The  latest  moves 

Catch  up  on  EMC’s  NAS  efforts,  including  its: 

•  Dropping  of  Windows-based  NAS  gateways. 

DocFinder:  9632 

•  High-end  NAS  gateway  launch.  DocFinder:  9633 

•  Buyout  of  NAS  virtualization  vendor  Rainfinity. 

DocFinder:  9634 


“We  don’t  know  in  advance  how  much  disk  space 
to  allocate  to  a  customer’s  project,  so  we  wanted 
to  have  more  dynamic  allocation  of  the  [disk 
space]  than  what  was  possible  with  direct 
management  of  the  NAS  device.” 

Cliff  Dutton,  executive  vice  president  and  CTO,  Ibis  Consulting 
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Find  tools  and  guidance  to  defend  your  network  at  microsoft.com/security/IT 


Free  Tools  and  Updates:  Streamline  patch  management 
with  automated  tools  like  Windows  Server™  Update  Services. 
And  verify  that  your  systems  are  configured  for  maximized 
security  with  Microsoft  Baseline  Security  Analyzer. 

Microsoft  Security  Assessment  Tool:  Complete  this 
free,  online  self-assessment  to  evaluate  your  organization's 
security  practices  and  identify  areas  for  improvement. 


Antivirus  for  Exchange:  Download  a  free  trial  of  Antigen  for 
Exchange  and  arm  your  e-mail  server  with  powerful  multi-engine 
protection  from  viruses,  worms,  and  inappropriate  content. 


Learning  Paths  for  Security:  Take  advantage  of  in-depth 
online  training  tools  and  security  expert  webcasts  organized 
around  your  specific  needs.  Then  test  your  security  solutions 
in  virtual  labs,  all  available  on  TechNet. 
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»  Remote  users  calling  it  quits?  You  need  Secure  and  Assured  application  acceleration, 
only  from  Juniper  Networks.  It  means  superior  application  delivery  and  performance  for 
all  users  -  employees,  customers  and  partners.  Plus  increased  control,  and  improved 
productivity.  For  more  info,  visit  www.juniper.net/appaccel 
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Short  Takes 


■  SPI  Dynamics  has  announced  a 
software  addition  to  its  vulnerability- 
assessment  products  that  will  let  cus¬ 
tomers  check  Web  applications  and 
services  for  conformance  to  a  variety 
of  legal  and  regulatory  requirements, 
including  the  California  SB  1386  data- 
privacy  law,  the  Gramm-Leach-Bliley 
Act  and  the  Health  Insurance  Porta¬ 
bility  and  Accountability  Act.  The 
software  module,  called  the  SPI 
Dynamics  Compliance  Pack,  is  avail¬ 
able  as  a  free  upgrade  for  Web- 
Inspect,  QAInspect  and  the  Assess¬ 
ment  Management  Platform. 

■  Cofltinuent,  the  former  Ernie 
Networks,  which  specializes  in  build¬ 
ing  highly  available  clustering  soft¬ 
ware  for  customers  using  MySQL 
databases,  is  expanding  its  focus  to 
include  a  wider  range  of  open  source 
and  proprietary  database  environ¬ 
ments.  The  company  last  week 
announced  its  new  name  and  outlined 
its  expanded  product  line  and  its 
upgraded  m/cluster  software  for 
MySQL,  which  will  support  Windows, 
Unix  and  Linux. The  upgrade  is  set  to 
be  available  early  next  year  and  is 
priced  starting  at  $5,000  per  CPU. 
Continuent’s  p/cluster  for  Postgres  is 
in  beta  and  is  expected  to  be  avail¬ 
able  next  year.  Support  for  Microsoft 
SQL  Server,  Sybase  and  Oracle  data¬ 
bases  will  come  later  in  2006,  as  will 
uni/clusterfor  universal  database 
support,  the  company  says. 

■  ObjectWeb  Consortium’s  open 
source  software  stack  now  includes  a 
business-intelligence  platform. 
Engineering  Ingegneria  Informatica 
SpA,  a  systems  integrator,  is  con¬ 
tributing  SpagoBI,  a  business-intelli¬ 
gence  platform  built  on  the  Spago 
J2EE  framework.  SpagoBI  can  be 
used  to  build  reports  and  dashboards 
using  data  mining,  query  by  example 
and  online  analytical  processing  tech¬ 
niques.  Engineering  Ingegneria  has 
tested  SpagoBI  with  DB2  UDB, 
HSQL,  MySQL,  Oracle  and 
PostgreSQL  databases.  SpagoBI  can 
be  downloaded  from  www.network 
world.com,  DocFinder:  9634. 


IT  asset  mgmt  gets  fancy 

Sun,  others  keep  inventory  ofphysical  assets  using  wireless  tags. 


BY  ANN  BEDNARZ 

Instead  of  spending  $2  million  each  year 
to  physically  inventory  the  contents  of  its 
Newark,  Calif.,  testing  lab,  Sun  spent  about 
$200,000  to  implement  a  system  that  uses 
wireless-sensor  technology  to  find  gear. 

The  6,000-square-foot  facility  houses 
more  than  10,000  servers  and  other  com¬ 
puting  devices.  By  tagging  each  with  an 
RFID  label,  Sun  can  verify  the  location  — 
down  to  the  server  rack  —  and  physical 
characteristics  of  every  lab  asset,  whether 
or  not  it’s  linked  to  a  network. 

“In  this  kind  of  environment,  assets  go 
online  and  offline  quite  a  bit,  and  they  get 
moved  around,”  says  Julie  Sarbacker,  direc¬ 
tor  of  Sun’s  RFID  business  unit.  Traditional 
network-based  asset-management  software 
doesn’t  keep  tabs  on  non-networked  assets, 
so  devices  that  weren’t  in  use  often  weren’t 
accounted  for,  she  says. 

Sun  isn’t  alone  in  turning  to  technology 
for  help  in  locating  and  managing  expen¬ 
sive  physical  assets,  according  to  The 


Keeping  tabs  on  IT  gear 

Wireless  asset-tracking  technology 

can  pinpoint  the  location  of 

equipment,  including  IT  gear. 

Strengths: 

•  Generally  clear  ROI  for  in-house  asset-tracking 
systems. 

•  Adds  location  data  to  traditional  asset-management 
software. 

•  Reduces  the  effort  and  expense  of  manual 
inventory  processes. 

Challenges: 

•  RFID  tag  prices. 

•  Interference  issues  related  to  tagging  metal 
computer  gear. 

•  Requires  integration  with  existing  asset- 
management  software. 


Yankee  Group.  Enterprise  adoption  will 
drive  the  market  for  real-time  location  sys¬ 
tems  from  $20  million  in  2005  to  $1.6  billion 
by  2010,  the  research  firm  estimates.  The 
surge  is  caused  in  part  by  accelerating  Wi-Fi 
deployments  and  the  availability  of  more- 
mature  RFID  technologies. 

The  primary  users  of  real-time  location 
systems  are  healthcare,  manufacturing 
and  logistics  companies,  says  Marcus 
Torchia,  a  senior  analyst  at  The  Yankee 
Group.  Healthcare  companies  use  loca¬ 
tion  systems  to  keep  tabs  on  easily  mis¬ 
placed  hospital  mobile  medical  equip¬ 
ment,  for  example. 

To  date,  tracking  enterprise  assets,  such 
as  servers,  with  RFID  is  a  very  small  subset 
of  the  market,  but  it’s  a  valid  scenario, 
Torchia  says. “The  beauty  of  the  technolo¬ 
gy  is  you  can  tag  any  asset  and  have  visi¬ 
bility  to  it,  inside  a  building  or  on  a  cam¬ 
pus.  It  doesn’t  really  matter  where  it  is  or 
what  its  application  is.” 

See  RFID,  page  38 


Special  Operations  inventories  desktops 


BY  JOHN  FONTANA 

Special  Operations  Software  this  week 
plans  to  unveil  an  extension  to  Micro¬ 
soft’s  Active  Directory’s  management  fea¬ 
tures  that  will  let  users  take  inventory  of 
everything  installed  and  configured  on  a 
desktop. 

Specops  Inventory  is  tied  into  the  group- 
policy  features  of  Active  Directory  and  is 
designed  to  give  users  the  ability  to  collect 
and  report  on  PC  and  user  data. 

Microsoft’s  group-policy  objects,  which 
are  supported  on  Windows  2000  and  XP 
and  on  Windows  Server  2003,  let  adminis¬ 
trators  manage,  customize  and  lock  down 
desktop  and  server  settings  based  on  a  set 
of  policies  maintained  in  the  directory. 

“Group  policy  is  a  powerful  and  conve¬ 
nient  way  to  centrally  manage  software 
settings  and  restrictions  so  you  can  sup¬ 
port  various  configurations  and  lock- 


|  See  how  NetlQ  fared  in  our  test  of 
tools  for  group  policy  management, 
page  46. 


down  settings,”  says  Peter  Pawlak,  an  ana¬ 
lyst  with  independent  research  firm 
Directions  on  Microsoft.  “We  would  love 
to  see  it  become  a  Windows  software 
standard,  so  that  any  company  that  cre¬ 
ates  a  product,  whether  server  or  client, 
would  have  a  way  to  centrally  manage 
those  things  through  group  policy’ 

Special  Operations  is  taking  a  bit  of  a  dif¬ 
ferent  tack  initially  by  using  components  of 
its  client-management  software  Special 
Operations  Suite,  which  includes  inventory, 
and  reworking  them  as  group-policy  exten¬ 
sions  that  plug  into  the  Group  Policy  Editor 
in  Active  Directory  Special  Operations’ con¬ 
version  of  its  suite  lets  companies  build  on 
familiar  Microsoft  tools  rather  than  having 
to  learn  new  interfaces.  Specops  Inventory 
does  not  require  users  to  install  any  soft¬ 
ware  on  their  clients. 

“A  lot  of  users  have  been  asking  us, ‘Why 
should  we  set  up  products  and  buy  extra 
servers  instead  of  using  what  we  already 
have?”’ says  Robert  Lundh.CEO  of  Special 
Operations.  “So  we  are  extending  what 
people  already  have.” 

Special  Operations  also  is  extending  what 


users  can  inventory  going  beyond  just  hard¬ 
ware  and  software  data  with  Specops 
Inventory'  and  looking  at  user  data,  such  as 
what  print  queues  are  in  use  and  what  the 
mapped  network  drives  are. 

The  inventory  capabilities  also  allow 
users  to  collect  and  report  on  installed 
operating  systems, services  and  drives, secu¬ 
rity  information,  registry  data,  and  user  pro¬ 
files  and  settings. 

IDC  says  close  to  80%  of  users  in  North 
America  have  Active  Directory  deployed, 
and  third-party  vendors  are  racing  to  pro¬ 
vide  extension  and  ease-of-use  enhance¬ 
ments  around  group  policy  In  the  past  few 
months,  Desktop  Standard,  NetPro,  Quest 
ScriptLogic  and  Microsoft  have  released 
software  to  enhance  group  policy 

Specops  Inventory  requires  a  SQL  Server 
database  or  Microsoft  SQL  Server  2000 
Desktop  Engine.  Inventory  is  priced  at  just 
under  $  1 1  per  user  for  500  to  1 ,000  users.  ■ 
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IBM  eServer™  xSeries 


TECHNOLOGY  THAT  GETS  YOU 

“EVERYTHING’S 


Affordable,  reliable,  easy  fo  manage:  eServer  xSeries  with  Intel®  Xeon™  Processors 


An  entry-level  2-way  server  that 
offers  the  reliability  and 
performance  needed  for  day-to- 
day  computing.  Easy  to  set  up 
and  deploy,  with  access  to  all 
major  system  components. 

System  features 

Up  to  two  Intel®  Xeon™ 
Processors  3GHz/2MB 
Two-way  tower  with 
rack  capability 
Up  to  6  hot-swappable 

SCSI  hard  disk  drives _ 

Integrated  RAID  0,1 

Limited  warranty:  up  to  3 
years  on-site3 

From  $1,6394* 

(Other  configurations  as  low  as  $1,229) 


IBM  Financing  Advantage 

Only  $46  per  month5 


Help  maximize  performance  and 
improve  availability  in  a  rack 
dense  environment  with 
Xtended  Design  Architecture™ 
Includes  Calibrated  Vectored 
Cooling,  an  IBM  innovation  that 
helps  increase  uptime. 

System  features 

Up  to  two  Intel®  Xeon™ 
Processors  3GHz/2MB 

Two-way  2U  rack  server 

Up  to  16GB  DDR2  memory 
using  8  DIMM  slots  with 
enhanced  memory 

Limited  warranty: 

3  years  on-site3 

From  $3,3154* 

(Other  configurations  as  low  as  $2,219) 

IBM  Financing  Advantage 

Only  $93  per  month5 


IBM’s  newest  third-generation 
Enterprise  X- Architecture® 
server.  Designed  for  companies 
looking  for  database,  e-mail, 
Web/e-commerce  or  consolidated 
application  serving. 

System  features  msm 

Up  to  four  64-bit  Intel®  Xeon™ 
Processors  MP,  up  to  3.66GHz 

Four-way  tower  or  7U  rack 
capability 

Up  to  3.6TB  hot-swappable 
SAS  (serial  attach  SCSI) 
hard  disk  storage 

Up  to  64GB  of  memory  with 
advanced  memory  protection 

Limited  warranty:  3  years  on-site3 

From  $5,3994* 

(Other  configurations  as  low  as  $4,599) 

IBM  Financing  Advantage 

Only  $151  per  month5 
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Flexible  and  easy  fo  use 


IBM  eServer  BladeCenter  HS20  Express 

Offers  extreme  flexibility  and 
scalability,  plus  it  helps  to 
consolidate  and  simplify  your 
infrastructure.  Helps  reduce 
power  consumption  and  save 
valuable  floor  space. 


System  features 

Up  to  two  Intel®  Xeon™ 

_  Processors  3.20GHz/2MB 
Up  to  14  blades  per  chassis 

Supports  both  32- 
and  64-bit  applications 

IBM  Director2 

Limited  warranty: 

3  years  on-site3 


From  $2,8994* 

(Other  configurations  as  low  as  $1,669) 

iBM  Financing  Advantage 

Only  $81  per  month5 


IBM  TotalStorage®  Simplify  storage  management  to  improve  productivity 


IBM  TotalStorage  DS300  Express 

This  entry-level,  cost-effective  iSCSI  host- 
attached  storage  system  utilizes  your  existing 
network  infrastructure  to  deliver  advanced 
functionality.  Provides  an  exceptional  SAN 
storage  solution  with  xSeries  servers  for 
e-mail/file/print. 


System  features 

3U  rack  mount  entry-level 
with  two  controllers 
Support  for  up  to  14 

Ultra320  SCSI  disk  drives  ' 

From  $6,4554*  IBM  Financing  Advantage 

(Other  configurations  as  low  as  $2,995)  Only  $180  per  month5 


Starts  at  584GB  / 
scales  to  4.2TB6 
Limited  warranty:  1  year 
on-site3 


‘All  prices  are  IBM’s  estimated  relail  selling  prices  as  of  September  13, 2005.  Prices  may  vary  according  to  configuration.  Resellers  set  their  own  prices,  so  reseller  prices  to  end  users  may  vary.  Products  are  subject  to  availability.  This  document  was  developed  tor  offerings 
in  the  United  States.  IBM  may  not  offer  the  products,  features,  or  services  discussed  in  this  document  in  other  countries.  1.  IBM  Director  is  not  available  on  ToialStorage  products.  2.  IBM  Director  must  be  installed.  Products  included  in  IBM  Express  Servers  and  Storage  may 
also  be  purchased  separately.  3.  Telephone  support  may  be  subject  to  additional  charges.  For  on-site  labor,  IBM  will  attempt  to  diagnose  and  resolve  the  problem  remotely  before  sending  a  technician.  On-site  warranty  is  available  only  for  selected  components.  4.  Prices  subject 
to  change  without  notice.  Starting  price  may  not  include  a  hard  drive,  operating  system  or  other  features.  Contact  your  IBM  representative  or  IBM  Business  Partner  for  the  most  current  pricing  in  your  geography.  5.  IBM  Global  Financing  offerings  are  provided  through  IBM 
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USED  TO  SAYING: 
UNDER  CONTROL!' 


IBM  Express  Servers  and  Storage ™  for  mid-sized  business. 

Know  an  IT.  person  who  doesn’t  like  to  hear  that  “everything’s  under  control”? 
We  don’t.  That’s  why  we  offer  an  innovative  management  tool  called  IBM 
Director  that  can  alert  your  I.  T.  people  to  potential  problems  up  to  48  hours  in 
advance ! 

And  our  Calibrated  Vectored  Cooling  on  select  xSeries®  servers  helps  cool  your 
systems  more  efficiently  Packing  more  servers  into  a  single  rack.  Helping  to 
save  space,  energy,  money. 

With  IBM  Express,  innovation  comes  standard.  That’s  true  for  servers,  storage 
and  printers.  Your  local  IBM  Business  Partner  can  tell  you  more.  And  remember, 
you  can  keep  your  technology  current  while  helping  to  reduce  costs  -  through 
IBM  Global  Financing. 

Excited?  No  need  to  control  yourself.  Get  started  today. 


Save  time.  Save  costs.  Save  the  day!  (Optimize your I.T.) 

ibm.com/systems/innovatel 

1  800-IBM-7777  mention  104CE04A 


IBM  TotalStorage  DS400  Express 


System  features 


Exceptional  entry-level  solution  for  workgroup 
storage  needs.  With  advanced  functionality, 
the  DS400  supports  xSeries  servers  and 
utilizes  hot-swap  Ultra320  SCSI  drives  for 
high  reliability. 


3U  rack  mount  entry-level  with  up  to  Starts  at  584GB  /  scales  to  12TB6 
two  controllers 

2GB  Fibre  Channel  storage  systems  Limited  warranty:  1  year  on-site3 
area  network  (SAN) 

From  $8,4954*  IBM  Financing  Advantage 

(Other  configurations  as  low  as  $4,995)  Only  $237  per  month5 


Credit  LLC  in  the  United  States  and  other  IBM  subsidiaries  and  divisions  worldwide  to  qualified  commercial  and  government  customers.  Monthly  payments  provided  are  tor  planning  purposes  only  and  may  vary  based  on  your  credit  and  other  (actors.  Lease  offer  provided  is 
based  on  a  FMV  lease  of  36  monthly  payments.  Other  restrictions  may  apply.  Rates  and  offerings  are  subject  to  change,  extension  or  withdrawal  without  notice.  6.  Denotes  raw  storage  capacity.  Usable  capacity  may  be  less.  IBM.  the  IBM  logo.  eServer,  BladeCenter.  xSeries, 
TotalStorage,  IBM  Express  Servers  and  Storage,  Enterprise  X-Architecture  and  Xtended  Design  Architecture  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  Intel.  Intel  Inside,  the  Intel  Inside 
logo,  and  Intel  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©2005  IBM  Corporation.  All  rights  reserved. 
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Commenting  on  DMCA:  A  futile  exercise? 


NET  INSIDER 

Scott  Bradner 


It’s  been  just  over  seven  years 
since  President  Clinton  signed  the 
Digital  Millennium  Copyright  Act 
into  law  As  was  clear  from  the 
beginning,  the  DMCA  is  a  total 
capitulation  to  those  who  think 
that  copyright  is  more  important 
than  just  about  anything  else.  The 
experiences  of  the  last  seven 
years  have  shown  that  the  law  has 
done  little  to  truly  protect  copy¬ 
right  holders,  but  it  has  put  the 
corporate  environment  at  in¬ 
creased  risk  from  those  who 
would  subvert  it. 

For  the  next  month  you  have  a 


chance  to  tell  the  U.S.  government 
how  broken  the  trade-off  inherent 
in  the  DMCA  is,  and  I  urge  you  to 
do  so,  even  if  I  expect  making 
comments  will  be  an  exercise  in 
frustration. 

There  are  a  lot  of  things  in  the 
DMCA  (www.networkworld.com, 
DocFinder:  9622).  A  few  of  them 
might  even  be  good,  but  there  is 
one  very  bad  part  —  the  prohibi¬ 
tion  of  the  possession  of  circum¬ 
vention  technology  The  law  pro¬ 
hibits  “any  technology  product, 
service,  device,  component,  or 
part  thereof,  that  ...  is  primarily 
designed  or  produced  for  the  pur¬ 
pose  of  circumventing  protection 
afforded  by  a  technological  mea¬ 
sure  that  effectively  protects  a 
right  of  a  copyright  owner” 

This  provision  basically  says  that 
you  cannot  test  to  see  whether  the 


security  on  a  product  or  service 
you  purchase  is  any  good  without 
being  at  risk  of  being  sued  —  and 
many  suits  have  been  threatened 
or  filed  over  products  from  printer 
cartridges  to  garage-door  openers. 
The  American  Library  Association 
maintains  a  Web  site  concerning 
the  DMCA  (DocFinder:  9623). 

Over  the  years  I’ve  written  a 
number  of  columns  about  the 
DMCA  and  its  effects.  See,  for 
example,  “Legally  mandated  stu¬ 
pidity”  (DocFinder:  9624),  “Bad 
law  or  really  bad  law?”  (Doc¬ 
Finder:  9625)  and  “Reach  for  the 
stupid  juice”  (DocFinder:  9626). 

Part  of  the  DMCA  requires  the 
U.S.  Copyright  Office  to  review 
the  effect  of  the  law’s  anti-cir¬ 
cumvention  provision  every 
three  years.  In  the  past  two 
reviews,  the  office  has  carved  out 


a  few  important  exceptions  but 
has  left  in  place  the  basic  flaw  in 
the  provision  prohibiting  circum¬ 
vention  technology. 

That  flaw  is  the  presumption 
of  guilt,  because  mere  posses¬ 
sion  of  circumvention  tools  can 
be  a  crime.  There  is  no  require¬ 
ment  to  show  that  you  intended 
to  violate  someone’s  copyright 
protection. There  is  no  reason  to 
think  that  this  round  of  com¬ 
ments  will  cause  the  Copyright 
Office  to  fix  that  flaw,  because 
the  Copyright  Office  does  not,  in 
general,  seem  to  have  heard  of 
consumers.  (See  “Can  anyone 
down  there  spell  consumer?” 
[DocFinder:  9627])  In  spite  of 
the  office’s  obvious  bias,  there  is 
a  chance  that  it  will  add  more 
exceptions  to  its  short  list. 

So  if  you  have  something  seri¬ 


ous  to  suggest,  you  can  file  your 
comments  on  the  Copyright 
Office’s  Web  page  (DocFinder: 
9628).  But  note  that  polemics  like 
this  one  attacking  the  fundamen¬ 
tal  provisions  of  the  DMCA  or 
flames  against  the  recording 
industry  are  not  worth  the  bits 
they  use  up,  because  they  will  be 
seen  as  nonresponsive  to  the 
request  for  comments  and  thus 
will  be  ignored. 

Disclaimer:  Nonresponsive  po¬ 
lemics  seem  to  be  a  feature  of 
politicians,  but  I  did  not  ask  any¬ 
one  in  the  Kennedy  School  of 
Government  about  this. Thus,  it’s 
just  my  own. 

Bradner  is  a  consultant  with 
Harvard  University’s  University 
Information  Systems.  He  can  be 
reached  at  sob@sobco.com. 


RFID 

continued  from  page  35 

In  the  past  Sun  hired  an  outside  contrac¬ 
tor  every  year  to  take  a  physical  inventory 
which  required  scanning  bar  codes  on  the 
back  of  each  device.  It  could  take  5  to  20 
minutes  to  inventory  the  contents  of  a  sin¬ 
gle  server  rack,  and  a  lab-wide  inventory 
took  weeks,  Sarbacker  says.  Now,  because 
RFID  tags  don’t  have  to  be  seen  to  be  read, 
the  lab  can  conduct  an  inventory  on  its 
own  in  less  than  an  hour. 

The  result  is  that  Sun  can  better  track  how 
its  assets  are  allocated  and  avoid  duplicate 
or  unnecessary  hardware  purchases,  says 
Jim  Clarke,  the  company’s  chief  RFID  archi¬ 
tect.  “Because  there’s  better  visibility,  we’re 
better  able  to  manage  the  resources  and 
don’t  have  to  buy  more  computers  when 
some  get  misplaced,”  he  says. 

In  addition  to  the  Newark  lab  rollout,  Sun 
tried  out  the  asset-tracking  system  in  its 
Milpitas,  Calif.,  distribution  center,  which 
handles  trade-show  equipment.  The  suc¬ 
cess  of  these  internal  projects  prompted 
Sun  to  put  together  a  commercial  version 
of  the  RFID-based  technology  which  it 
announced  late  last  month. 

The  RFID  Industry  Solution  for  Physical 
Asset  Tracking  includes  Sun’s  RFID  mid¬ 
dleware  and  services,  as  well  as  third-party 
products,  such  as  Applied  Logistics  Solu¬ 
tions’  mobile  asset-management  system. 
Combined,  the  products  allow  users  to 
keep  track  of  an  item’s  location,  and  mon¬ 
itor  its  maintenance  history  and  utilization 
statistics.  If  an  asset  is  not  in  its  designated 
location,  the  software  sends  an  alert  to 
management. 

Sun  isn't  alone  in  pursuing  the  market  for 
wireless-enabled  asset  tracking.  Start-up 


PanGo  Networks  —  which  has  inked  part¬ 
nerships  with  Cisco,  HP  and  Intel  —  offers  a 
location-management  platform  that  uses 
standard  Wi-Fi  networks  so  companies  can 
build  off  their  existing  wireless  LAN 
(WLAN)  infrastructure  investments. 

In  addition  to  the  need  to  reduce  loss  and 
improve  asset  utilization,  there’s  a  compli¬ 
ance-related  driver  spurring  enterprise 
interest  in  asset-tracking  technology  says 
Mike  Braatz,  vice  president  of  business 
development  at  PanGo.  Asset  tracking  helps 
companies  establish  a  clear  chain  of  cus¬ 
tody  and  a  corporate-asset  audit  trail,  as  is 
required  by  financial-reporting  legislation, 
such  as  the  Sarbanes-Oxley  Act. 

“Certainly  the  IT  department  needs  to 
know  where  its  stuff  is.  That’s  important,” 
Braatz  says.  “It’s  also  extremely  important 
that  the  financial  community  within  a  com¬ 
pany  has  a  good  handle  on  its  assets  and 
can  do  an  accurate  accounting  and  inven¬ 
tory  of  expensive  assets.” 

John  Halamka,  CIO  of  CareGroup 
Healthcare  System, says  the  Boston  health¬ 
care  organization  tracks  more  than  8,000 
IT  assets  using  traditional  asset  tags.  (In 
addition,  it  has  deployed  location-based 
tracking  technology  for  keeping  tabs  on 
certain  medical  equipment  and  on 
patients  and  staff.)  Adding  technology  that 
pinpoints  where  IT  devices  are  could  be 
beneficial.  “Since  many  of  our  assets  are 
mobile,  such  as  laptops,  computers  and 
PDAs,  it  would  be  very  helpful  to  know 
their  location,”  Halamka  says. 

Location-specific  information  could 
enable  more  detailed  management,  for 
example.  “Beyond  simple  asset-tracking, 
geo-location  can  be  used  as  a  form  of  secu¬ 
rity  or  decision  support,”  Halamka  says. 
Such  a  system  could  automatically  grant 


firewall  access  to  a  laptop  user  inside  a  hos¬ 
pital  or  automatically  limit  a  laptop  user 
located  in  the  intensive-care  unit  to  viewing 
ICU  patient  information. 

In  a  university  setting,  location-based  data 
culled  from  wireless-enabled  laptops  could 
be  used  to  limit  students’  access  to  certain 
applications,  depending  on  where  they  are, 
Yankee  Group’s  Torchia  suggests.  For  exam¬ 
ple,  a  university  might  wish  to  prevent  ac¬ 
cess  to  an  MP3  network  in  its  classrooms. 

Some  vendors  have  incorporated  loca¬ 
tion-identification  technologies  into  enter¬ 
prise  security  products, Torchia  says. 

Newbury  Networks,  for  example,  uses 
location-based  technology  to  detect  wire¬ 
less  rogue  access  points  and  restrict  unau¬ 
thorized  access  to  enterprise  WLANs. 


BY  JAMES  NICCOLAI,  IDG  NEWS  SERVICE 

Oracle  plans  to  release  a  free  version  of  its 
database  by  the  end  of  the  year  in  a  move 
to  compete  more  effectively  at  the  low  end 
of  the  market. 

Oracle  released  a  beta  version,  called 
Oracle  Database  lOg  Express  Edition,  last 
week  for  32-bit  Windows  and  Linux  sys- 
tems.The  software  can  be  downloaded  free 
for  development  and  limited  production 
use.  It  also  can  be  distributed  free  with 
third-party  products  from  independent  soft¬ 
ware  vendors  (ISVs),  Oracle  says. 

The  company  says  it  hopes  to  attract 
users  by  offering  them  a  free  starter  data¬ 
base  for  development  and  deployment  pur¬ 
poses.  Along  with  developers  it  wants  to 
attract  more  ISVs,  educators  and  students. 
Production  use  comes  with  restrictions.The 


Users  outside  a  designated  physical  bor¬ 
der  are  denied  access,  even  if  a  wireless 
signal  is  present. 

Looking  ahead,  a  key  reason  corporations 
will  adopt  closed-loop  sensor  systems  for 
asset  tracking  is  the  clear  ROI,  says  Erik 
Michielsen,  director  of  RFID  and  ubiquitous 
wireless  at  AB1  Research.  Broader  projects, 
such  as  pursuing  an  RFID-enabled  supply 
chain,  are  more  complicated. 

“There’s  usually  a  more  identifiable  and 
achievable  ROI  tied  to  an  asset-tracking  pro¬ 
ject,  because  it’s  going  to  be  a  small  project,” 
Michielsen  says.  “It’s  a  closed  loop,  so  you 
don’t  have  to  worry  about  handoffs  to  other 
companies  or  interoperability  or  standards. 
The  business  benefits  register  more  clearly 
with  users.”  ■ 


database  is  limited  to  use  with  4G  bytes  of 
data  and  1G  byte  of  RAM  and  can  be  used 
on  only  one  processor  per  server,  Oracle 
says.  The  same  conditions  apply  to  ISVs. 
Support  is  offered  via  an  online  user  forum. 

The  product  is  built  on  the  same  code 
base  as  Oracle’s  existing  lOg  databases  but 
with  some  options  removed,  so  applica¬ 
tions  will  run  unchanged  on  Oracle’s  high¬ 
er-end  databases,  according  to  Oracle. 

The  company  says  it  hopes  users  will  try 
the  free  version  and  upgrade  to  a  paid 
Oracle  product  if  their  data-management 
needs  outgrow  its  capacity 

Oracle  leads  the  relational  database  mar¬ 
ket  with  its  main  rival,  IBM.  But  Microsoft’s 
SQL  Server  is  gaining  ground,  analysts  say 
and  momentum  is  building  behind  open 
source  products  from  MySQL  and  others  ® 


Oracle  preps  free  database 
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Juniper  enhances  routers  for  IP  TV 


Video  boost  for  Juniper  routers 

Dynamic  bandwidth  allocation 

•  Adjusts  service  bandwidth  based  on  subscriber  activity. 

•  Distributes  unused  bandwidth  to  queues  in  the  same  traffic  class  before  distributing 
outside  the  class. 

•  Ensures  each  subscriber  gets  maximum  bandwidth  available  while  assuring  fairness  to  all. 
Network  Resource  Manager  for  video  distribution 

•  Dynamic  end-to-end  construction  of  label  switched  paths  (LSP). 

•  Dynamic  bandwidth  management/reassignment  per  LSP. 

•  Dynamic  failure  recovery. 

•  Generates  call  admission  control  profiles. 

•  Opportunity  to  track  customer  video-on-demand  sessions. 


BY  JIM  DUFFY 

Juniper  this  week  is  expected  to  unveil 
enhancements  to  its  routers  designed  to 
enable  the  devices  to  better  manage  band¬ 
width  for  video  applications. 

Juniper  has  added  a  feature  called 
dynamic  bandwidth  allocation  to  its  E- 
series  routers,  and  another  to  its  SDX 
Network  Resource  Manager  system  to  con¬ 
trol  video  distribution.  The  extensions  are 
designed  to  ensure  user  quality  of  experi¬ 
ence  irrespective  of  the  source  or  nature  of 
their  video  content. 

According  to  market  tracker  ln-Stat,32  mil¬ 
lion  subscribers  will  be  watching  TV  pro¬ 
vided  by  telecom  providers  in  2009,  up 
from  1 .6  million  at  the  end  of  2004.  Most  of 
those  viewers  will  be  in  Asia  and  Europe, 
two  continents  where  telecom  providers 
already  offer  service. 

Juniper  hopes  the  bandwidth  allocation 
feature  on  its  E-series  routers  makes  a  com¬ 
pelling  service  infrastructure  component 
for  providers. The  enhancement  adjusts  ser¬ 
vice  bandwidth  based  on  subscriber  activi¬ 
ty  and  distributes  unused  bandwidth  to 
queues  in  the  same  traffic  class  before  dis¬ 
tributing  outside  the  class. 

The  benefits  of  these  capabilities  are 
that  each  subscriber  gets  the  maximum 
bandwidth  available  while  ensuring  fair¬ 
ness  to  all  subscribers,  Juniper  says.  This 
translates  into  ensured  quality  of  experi¬ 
ence  and  reduced  expense  for  services 
providers  by  avoiding  additional  cus¬ 
tomer  premises  equipment  functionality, 
and  simplified  service  modification. 

The  additions  to  the  SDX  Network 
Resource  Manager,  which  is  a  policy  admin¬ 
istrator  for  Juniper  routers,  provide  dynam¬ 
ic,  end-to-end  construction  of  MPLS  paths 
from  the  video  source  to  the  network  edge. 
It  also  enforces  dynamic  bandwidth  man¬ 
agement  and  reassignment  per  label 
switched  path,  enabling  service  scaling 
without  customers’  experiencing  load 
problems,  Juniper  says. 

Analysts  say  the  enhancements  may  help 
Juniper  differentiate  itself  from  competitors 
Cisco,  Alcatel  and  Redback  Networks. 

“This  announcement  shows  that  vendors 
have  to  find  differentiation  any  way  they 
can,”  says  Mark  Bieberich  of  The  Yankee 
Group. “What  we  see  from  Juniper  is  a  sign 
of  increased  competition.  They’re  looking 
to  gain  a  competitive  edge  and  I  believe 
that  this  particular  feature  is  compelling, 
but  it’s  part  of  a  very  complex  mix  of  capa¬ 


bilities  that  have  to  be  proven.” 

One  area  where  Juniper  might  be  vulner¬ 
able  in  IP  TV  is  in  Ethernet  aggregation, 
Bieberich  says.  Juniper  espouses  an  IP  TV 
network  architecture  in  which  access  to  the 
three  sources  of  video  distribution  — 
broadcast,  video  on  demand  and  Internet 
—  is  through  the  company’s  E320  router. 
The  company  says  funneling  everything 
through  the  E320  provides  a  single  con¬ 
verged  network  for  all  services,  and  a  com¬ 
mon  service  delivery  point  for  sharing 
resources.  It  also  simplifies  access  aggrega¬ 
tion  by  centralizing  complex  tasks. 

Other  vendors  advocate  an  approach 
whereby  Gigabit  Ethernet  switches  aggre¬ 
gate  traffic  from  DSL  access  multiplexers 
and  assign  separate  per  service  virtual 
LANs  or  virtual  circuits  that  fan  out  from  the 
switches  toward  their  corresponding  video 
sources.  Juniper  says  this  approach  is  too 
static  to  accommodate  bandwidth  reallo¬ 
cation  between  services  and  additions  to 
video  service,  such  as  HDTV  or  a  migration 
to  interactivity 


One  of  the  toughest  challenges  we  tech¬ 
nologists  face  lies  in  justifying  the  use  of 
technology  at  an  organizational  level.  Sure, 
PDAs,  flat-screen  TVs  and  the  like  have 
made  our  lives  immeasurably  better  on  a 
personal  level.  Communication  tools,  in 
particular,  help  us  interact  quickly  and 
effectively  with  our  friends  and  families. 

But  how  do  these  personal  benefits  trans¬ 
late  to  measurable  organizational  benefits? 
Or  is  it  possible  that  the  era  of  enterprise  IT 
is  coming  to  an  end  as  IT  focuses  increas¬ 
ingly  on  enhancing  personal,  rather  than 
organizational,  productivity?  The  next  wave 
of  communication  technology  seems 
focused  on  improving  individual  productiv¬ 
ity  —  and  is  finding  its  way  into  corpora¬ 
tions  almost  as  an  afterthought.  Consider 
instant  messaging,  which  started  as  a  con¬ 
sumer  application  but  has  been  adopted 
by  more  70%  of  the  companies  I  encounter. 

That  would  almost  imply  that  enterprise 


“Both  sides  have  wins  and  both  sides 
can  point  to  successes,”  says  analyst  Mark 
Seery  of  Ovum.  Scale  is  always  an  issue 
which  affects  what  makes  sense  at  what 
point  in  time.” 

Dynamic  bandwidth  allocation  is  avail¬ 


technology  should  be  designed  first  and 
foremost  from  the  standpoint  of  the  indi¬ 
vidual  user,  which  makes  a  certain  amount 
of  sense  —  after  all,  if  a  technology  is  good 
for  individuals,  surely  it  should  be  good  for 
organizations,  which  are  basically  collec¬ 
tions  of  individuals. 

But  one  thing  that  gets  lost  in  looking  at  IT 
purely  from  that  perspective  is  that  corpo¬ 
rations,  unlike  individuals,  tend  to  have 
clear  and  defined  goals.  Corporations  make 
profits.  Hospitals  save  lives.  And  so  on.  IT 
may  be  able  to  help  organizations  achieve 
their  goals  without  necessarily  improving 
the  daily  life  of  end  users.  In  other  words, 
“easy  to  use”  may  have  different  —  even 
conflicting  —  definitions  depending  on 
whether  the  ultimate  end  user  is  viewed  as 
the  individual  or  the  organization. 

A  striking  example  dates  back  to  the  days 
of  Alexander  the  Great.  One  of  the  many 
innovations  he  brought  to  warfare  was  the 
use  of  the  sarissa,  a  16-foot  pike  deployed 
by  his  Macedonian  infantry,  which  provid- 


able  on  the  E-series  at  no  additional  charge 
to  customers  with  JUNOSe  software  Version 
6.1.2  or  higher. 

The  SDX  Network  Resource  Manager  will 
be  included  as  part  of  the  SDX  software  at 
no  additional  cost.  ■ 


ed  a  competitive  edge  over  other  armies 
because  of  its  extremely  long  reach. 

Alexander  also  changed  the  rules  when 
he  deployed  infantry  in  a  square  or  dia¬ 
mond  formation,  which  yielded  the  ulti¬ 
mate  in  flexibility  Instead  of  confronting 
individuals  one-on-one,  the  enemies  found 
themselves  facing  a  cohesive  unit. 

The  takeaways?  Recognize  that  individu¬ 
als  and  organizations  have  different  and 
sometimes  conflicting  goals  —  and  assess 
the  value  of  the  technology  according  to 
both.  Realize  that  to  provide  your  organiza¬ 
tion  with  the  IT  edge,  it’s  not  enough  to 
introduce  the  technology  —  you  also  have 
to  adapt  your  organizational  processes  to 
take  advantage  of  it.  And  finally  empower¬ 
ing  groups  of  people  isn’t  always  the  same 
thing  as  empowering  individuals. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 
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NOLOGY  UPDATE 


AN  INSIDE  LOOK  AT  TECHNOLOGIES  AND  STANDARDS 


Status  of  fed  encryption  standard  gains 


HOW  IT  WORKS:  FIPS  140-2  certification 

Encryption  products  must  undergo  detailed  review  and  testing  by  a  NIST- 
approved  agency  to  ensure  the  integrity  of  the  implementation. 

Cryptographic  Accredited  FIPS 


certificate 

□  The  vendor  selects  a  lab,  submits  a  module  for  testing  and  pays  a  testing  fee. 


B  The  lab  tests  the  module  for  conformance  to  the  FIPS  140-2  encryption  standard. 

H  The  vendor  writes  the  test  report  and  the  lab  approves  it  and  submits  it  to  NIST  for  validation. 
□  NIST  issues  a  validation  certificate  through  the  lab  to  the  vendor. 


BY  LINDA  FAUST 

With  security  concerns  about  compro¬ 
mised  accounts,  phishing  and  fraud  in¬ 
creasing  rapidly,  more  enterprise  organiza¬ 
tions  recognize  the  risks  and  are  working  to 
improve  security  controls. 

Born  out  of  efforts  by  the  U.S.  National 
Institute  of  Standards  and  Technology 
(NIST)  and  Canada’s  Communications 
Security  Establishment  to  protect  govern¬ 
ment  IT  systems,  the  Federal  Information 
Processing  Standard  (FIPS)  140-2  encryp¬ 
tion  standard  is  gaining  increasing  accep¬ 
tance  in  security-sensitive  corporations. 
FIPS  140-2  also  is  the  basis  of  ANSI  X9.66,a 
draft  standard  for  financial  institutions. 

FIPS  140-2  provides  a  third-party-verified 
security  standard  with  a  federal-govern¬ 
ment  heritage  that  ensures  corporations’ 
data  security  and  can  help  them  meet  the 
IT-compliance  requirements  of  the 
Sarbanes-Oxley  Act,  the  Health  Insurance 
Portability  and  Accountability  Act,  and 
other  federal  mandates. 

The  FIPS  140-2  standard  pertains  to  sensi¬ 
tive  but  unclassified  information.lt  specifies 
four  levels  of  encryption  and  security  that 
depend  on  data  sensitivity  (for  example, 
low-value  administrative,  million-dollar 
transaction  or  life-protecting  data)  and 
diversity  of  application  environments  (for 
example,  a  guarded  facility  an  office  or  a 
completely  unprotected  location).  Each 
level  offers  an  increase  in  security  over  the 
preceding  level.  Together,  the  four  levels  of 
security  allow  cost-effective  solutions  that 
are  appropriate  for  different  degrees  of  data 
sensitivity  and  different  environments. 

Level  1  is  the  lowest  FIPS  140-2  security 


B  NIST  publishes  a  list  of  validated  modules. 

level.  Examples  of  products  that  use  Level  1 
security  are  PC  encryption  and  software 
that  runs  on  a  PC  and  supports  a  single 
user.  For  Level  2,  cryptographic  modules 
must  run  on  validated  hardware  under  val¬ 
idated  operating  systems  and  provide  evi¬ 
dence  of  tampering  and  role-based  authen¬ 
tication.  Levels  3  and  4  have  additional  pro¬ 
tection  requirements,  such  as  identity- 
based  authentication,  additional  physical- 
security  mechanisms  to  prevent  an  intruder 
from  gaining  access  to  critical  security 
parameters  and  environmental  monitoring 
to  ensure  the  integrity  of  the  cryptographic 


module  in  conditions  outside  the  normal 
operating  range  of  the  equipment. 

Compliant  encryption  products  usually 
allow  the  secure  FIPS  mode  to  be  selec¬ 
tively  enabled.  While  many  FIPS-required 
changes  are  invisible  to  users,  others  will  be 
very  visible.  For  example,  when  FIPS  is 
enabled  on  a  console  server,  many  less- 
secure  features,  protocols  and  encryption 
support  are  disabled  and  higher-security 
options  are  set.Typical  changes  include  dis¬ 
abling  applications,  such  as  telnet,  rlogin  or 
Lightweight  Directory  Access  Protocol,  that 
use  plain-text  passwords;  requiring  pass¬ 


words  to  be  more  than  six  characters;  and 
setting  strict  limits  and  restrictions  on  oper¬ 
ating  system  access  —  for  example,  to  a 
Linux  shell. 

FIPS  140-2-certified  products  go  through  a 
detailed  review  and  testing,  including 
direct  code  review,  by  a  NIST-approved 
agency  to  ensure  the  trustworthiness  of  the 
implementation’s  cryptographic  algo¬ 
rithms,  loading  methods,  operating  systems, 
documentation,  operating  software  and 
hardware  (see  graphic). 

Information  about  a  particular  product 
is  published  in  a  product-specific  security 
policy  on  the  NIST  Web  site  (www.net 
workworId.com,  DocFinder:  9621)  along 
with  the  validation  certificate.  The  secur¬ 
ity  policy  includes  certified  version  infor¬ 
mation,  instructions  for  enabling  FIPS 
mode,  product-specific  details  about  roles 
and  authentication,  approved  and  unap¬ 
proved  cryptographic  functions,  critical 
security  parameters  and  other  related 
information. 

FIPS  140-2  certification  makes  a  real  dif¬ 
ference  in  quality  NIST  says  it  found  and 
addressed  security  flaws  in  more  than  48% 
of  164  products  it  tested. 

Today  more  than  150  vendors  offer  a  wide 
range  of  FIPS  140-2-certified  commercial 
hardware  and  software  products.  FIPS  140-2 
certification  provides  an  independent 
security  standard  for  many  devices  and  is 
an  excellent  starting  point  for  improving 
security 

Faust  is  vice  president  of  product  market¬ 
ing  at  MRV  Communications.  She  can  be 
reached  at  lfaust@mrv.com. 


Is  there  a  way  to  track  and  audit  Windows 
printing  jobs  so  we  can  tell  who  printed  what 
document  and  when? 

Yes,  if  your  workstations  all  print  through  server- 
hosted  shared  printers,  you  can  turn  on  Windows  audit¬ 
ing  and  track  when  something  is  printed  by  enabling  the 
Audit  object  access  events  policy.  This  is  in  the  Windows 
Audit  Policy  settings,  through  either  the  Group  Policy  or 
tne  Local  Security  Policy  setting  in  the  Administrative 
Tools  section  in  the  Control  Panel. 

After  setting  the  Audit  Policy,  right-click  the  printer 


name  in  the  Printers  folder,  click  the  Properties/ 
Security/Advanced/Auditing  menu  item  and  add  an 
audit  entry  for  tracking  printer  activity.  Audit  entries  will 
be  recorded  to  the  Security  log,  viewable  through  the 
Event  Viewer.  The  operating  system 
security  log  will  show  who  printed  to  the  printer  and 
when,  but  it  does  not  track  what  document  was  printed. 

For  more  detailed  print  auditing,  you  will  need  a  third- 
party  auditing  package.  Several  Windows  print-auditing 
software  packages  are  available,  ranging  from  software 
to  commercial  offerings.  There  does  not  seem  to  be 


much  in  the  way  of  open  source  print-auditing  software 
for  Windows.  What  package  is  right  for  you  depends  on 
whether  you  want  to  monitor  activity  from  the  server  or 
listen  to  printer  traffic  on  the  network,  and  whether  you 
are  in  a  domain  or  workgroup  environment. 

Search  the  Web  for  "Windows  print-auditing  software" 
for  a  list  of  alternative  software  options. 

Blass  is  a  network  architect  at  Change@Work  in 
Houston.  He  can  be  reached  at  dr.internet@changeat 
work.com. 


Simplify  your  I.  T.  and  your  business.  IBM  servers  and  storage  are  designed  to 
help  you  do  just  that.  Take  the  IBM  TotalStorage ®  DS4100  Express  with  DACstore 
It  can  help  you  reconfigure  or  add  capacity  while  staying  up  and  running 
No  need  to  stop  to  reset  drives. 

Because  with  IBM  Express,  innovation  comes  standard.  That’s  true  for  servers, 
storage  and  printers.  What’s  more,  you  can  keep  your  technologies  current 
while  helping  to  reduce  costs  -  through  IBM  Global  Financing. 

All  things  considered,  an  I.  T.  hero  deserves  nothing  less. 

MEET  3  HEROES  IN  THE  BATTLE  AGAINST  I .T.  COMPLEXITY 

YOU’RE  THE  4TH. 


IBM  TotalStorage  DS4100  Express 

Ships  with  1.25TB1 

DACstore  for  configuration  metadata 
3.5TB  with  1  controller:  28TB  with  21 
Limited  warranty:  1  year  on-site2 

From  $7,349* 

(Other  configurations  as  low  as  $6,599) 

IBM  Financing  Advantage 
Only  $206/mo.3 
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IBM  eServer  OpenPower  720  Express 

Buiit  on  IBM  POWER5m  technology 
and  tuned  for  Linux* 

2-  or  4-way  64-bit,  rack  or  tower  models 

Up  to  8GB  of  memory,  disk  capacity 
up  to  1.1TB' 

Optional  Advanced  Virtualization  features 

DB2a  Express  Discover  CD 

Limited  warranty:  up  to  3  years  on-site2 
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IBM  TotalStorage  3580  Express 

Helps  protect  LTO™  investment 


Built  on  Ultrium™  3  technology 

Read/write  compatible  with  Ultrium  2  drives 
-  read  compatible  with  Ultrium  1  drives 

Up  to  800GB  cartridge  physical  capacity 
with  2:1  compression' 

Limited  warranty:  3  years  on-site2 


From  $5,850* 


From  $9,774* 

IBM  Financing  Advantage 

Only  $273/mo:i 


IBM  Financing  Advantage 

Only  $1 64/mo.3 


Learn  more  about 
our  full  range  of 
IBM  Express  products 
and  find  the 
IBM  Business  Partner 
near  you. 


1  800-IBM-7777 


mention  104CE05A 


‘All  prices  stated  are  IBM's  estimated  retail  selling  prices  as  of  September  13. 2005.  Prices  may  vary  according  to  configuration.  Resellers  set  their  own  prices,  so  reseller  prices  to  end  users  may  vary.  Products  are 
subject  to  availability.  This  document  was  developed  for  offerings  in  the  United  States.  IBM  may  not  offer  the  products,  features,  or  services  discussed  in  this  document  in  other  countries.  1.  Denotes  raw  storage  capacity. 
Usable  capacity  may  be  less.  2.  Telephone  support  may  be  subject  to  additional  charges.  For  on-site  labor  IBM  will  attempt  to  diagnose  and  resolve  the  problem  remotely  before  sending  a  technician.  On-site  warranty 
is  available  only  for  selected  components.  3.  IBM  Global  Financing  offerings  are  provided  through  IBM  Credit  LLC  in  the  United  States  and  other  IBM  subsidiaries  and  divisions  worldwide  to  qualified  commercial  and 
government  customers.  Monthly  payments  provided  are  for  planning  purposes  only  and  may  vary  based  on  your  credit  and  other  factors.  Lease  offer  provided  is  based  on  a  FMV  lease  of  36  monthly  payments.  Other 
restrictions  may  apply.  Rates  and  offerings  are  subject  to  change,  extension  or  withdrawal  without  notice.  IBM,  the  IBM  logo,  eServer, TotalStorage,  OpenPower.  P0WER5  and  DB2  are  trademarks  or  registered  trademarks 
of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  Linux -is  a  trademark  of  Linus  Torvalds  in  the  United  States  and  other  countries.  LTO  and  Ultrium  are  trademarks  of  Certance, 
HP  and  IBM  in  the  U.S.  and  other  countries.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©2005  IBM  Corporation.  All  rights  reserved. 
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Goof  fix,  Outlook  nicknames,  more  VoIP 


OEARHEAD 

INSIDE  THE 
NETWORK 
MACHINE 

Mark  Gibbs 


Goof  Department:  Last  week  we 
wrote  about  the  Linksys  CIT200 
wireless  VoIP  phone,  and  although 
we  got  it  right  in  the  introduction, 
we  later  wrote:  “The  CIT200  works 
only  with  Vonage."  The  device,  of 
course,  works  only  with  Skype. 
Thanks  to  reader  Dave  Greene  for 
pointing  out  our  mistake,  and  we 
agree  with  him  —  “interesting 
device,  but  I  wish  it  worked  with 
Vonage!” 

In  response  to  our  question  last 
week  about  how  to  purge  the  cache  that  Outlook  uses  to 
auto-complete  names  entered  in  message  address  fields, 
readers  Road  Larse,  Brian  Tinsley  and  Kevin  Square  all 
responded  more  or  less  at  the  same  time  with  the  scoop. 

The  answer  is  that  the  nickname  cache,  as  it  is  called, 
can  be  found  at  (we  wrapped  the  path  over  two  lines  for 
clarity): 

C:\Documents  and  SettingsVcuser  name>\ 

Application  Data\Microsoft\Outlook\OutlookNK2 
Earlier  versions  of  Outlook  called  this  file  Outlook.NICK, 
but  stored  it  in  the  same  location. 

Turns  out  that  Microsoft  has  a  KnowledgeBase  article  on 
the  nickname  cache  (www.networkworld.com,  Doc 
Finder:  9635),  which  notes  that, “If  the  nickname  cache  is 
corrupted,  Outlook  may  not  be  able  to  identify  recipients, 
may  offer  incorrect  recipients  when  automatically  com¬ 


pleting  the  e-mail  address  or ...” —  and  this  is  the  big  one, 
folks  — “. . .  may  send  the  message  to  the  wrong  person.” 
Sigh. 

You  can  delete  the  current  nickname  file  to  start  anew 
(Outlook  will  create  a  new  nickname  file  on  the  next 
restart),  or  you  can  rename  the  file  as  a  backup. This  file  is 
also  worth  backing  up  in  case  of  drive  corruption. 

Another  option  is  to  edit  the  nickname  file,  but  that  isn’t 

Linksyslnfo.org  ...  is  an 
amazing  resource.  Highly 
recommended. 

something  you  can  do  casually  and  in  fact,  as  far  as  we 
can  determine,  there  is  only  one  tool  available  and  that 
works  only  with  .NK2  files.  The  tool,  from  Dynamic 
Computing  Solutions,  is  called  Ingressor  Desktop  Edition 
(DocFinder:  9636). 

Priced  at  the  princely  sum  of  $35,  this  tool  allows  you  to 
search  and  edit  name  and  or  alias  entries  in  .NK2  files, 
import  entries  from  CSV  and  tab-delimited  files,  export  to 
CSV  or  a  local  PST  file,  and  print  file  contents.This  could 
be  useful  in  a  support  environment,  but  we  suspect  it  has 
a  more  profound  role  in  forensics. 

On  another  track  completely,  longtime  reader  Greg 
Martin  suggested  that  we  check  out  LinksysInfo.org 
(www.linksysinfo.org),  which  includes  reviews,  autopsies 


(they  take  the  products  apart  so  you  can  see  what’s  inside 
without  voiding  your  own  warranty),  information  on  and 
downloads  of  the  latest  official  firmware  releases,  and 
reviews  and  comparisons  of  third-party  firmware. 

These  third-party  firmware  releases  allow  such  goodies 
as  adjustable  power  output,  various  QoS  handling 
enhancements  (such  as  optimizing  for  games),  support 
for  static  DHCP  assignment,  reboot  scheduler,  and  trans¬ 
mit  and  receive  antenna  selection. 

LinksysInfo.org  requires  registration  (free  and  very  fast) 
and  is  an  amazing  resource.  Highly  recommended. 

Finally  check  out  a  posting  in  Gibbsblog  (DocFinder: 
9637).  Following  our  mention  last  week  of  the  open 
source  PBX  system  called  Asterisk,  reader  Dennis  Hock 
dropped  us  a  note  outlining  a  fascinating  use  of  the  PBX 
system  with  old  telephone  equipment.  Dennis  is  a  mem¬ 
ber  of  Telephone  Collectors  International  (www.tele 
phonecollectors.org),  a  group  of  technically  minded  folk 
endeavoring  to  save  our  telecommunications  history 
from  vanishing  into  the  mists  of  time. 

What  Dennis  and  his  buddies  are  doing  is  building  their 
own  telephone  network  called  CNET,  using  their  various 
antique  switches,  linked  together  over  VoIP  using  Asterisk 
servers.The  technicalities  are  non-trivial,  and  you  can  fol¬ 
low  the  system’s  development  at  www.ckts.info. 

Switch  your  comments  to  gearhead@gibbs.com.  And 
carpe  Gibbsblog  (www.networkworld.com/weblogs/ 
gibbsblog). 


The  scoop:  Palm  TX  handheld,  by  Palm,  about  $300 
What  it  is:  The  Palm  TX  combines  the  best  features  of  a  business-ori¬ 
ented  handheld  (organizer,  document  viewer,  Web  and  e-mail)  with 
the  best  features  of  a  consumer  handheld  device  (photo  viewer,  music  and  video 
player) .The  TX  includes  a  high-resolution  screen  (320  by  480  pixels),  integrated  Wi-Fi 
and  Bluetooth  wireless  connectivity  and  a  312-MHz  processor. 

The  system  includes  128M  bytes  of  RAM  (about  100M  bytes 
available  for  user  applications  and  data),  and  it  has  a  Secure 
Digital  I/O  expansion  card  slot  that  works  with  Secure  Digital 
and  MultiMedia  Cards  for  additional  data  storage  (it  supports 
cards  up  to  2G  bytes  in  capacity),  memory  or  other  applications. 

Why  it’s  cool:  I  like  this  model  because  it  merges  the  best  of 
both  worlds  into  one  device.Treo  converged  devices  are  nice  if 
you  want  a  cell  phone  and  PDA,  but  those  come  with  a  higher 
price  tag  and  a  monthly  service  fee.The  addition  of  embedded 
Wi-Fi  and  Bluetooth  on  this  device  provides  some  network  con¬ 
nectivity  for  Web  browsing  and  e-mail  access,  so  you  can  get 
your  e-mail  without  investing  in  a  Treo  or  other  device.  Even  Wi¬ 
Fi  Protected  Access  security  with  the  preshared  key  option  is 
supported,  so  users  can  connect  to  their  secured  wireless  net¬ 
works.  Kudos  to  Palm  for  thinking  that  some  wireless  networks 
are  actually  secured  instead  of  wide  open. 

Some  caveats:  There’s  no  embedded  digital  camera  —  but  like 
those  who  will  have  a  separate  cell  phone,  users  of  the  TX  will 
likely  have  a  different  digital  camera  —  they’re  more  concerned 
with  having  integrated  Bluetooth  and  Wi-Fi. 

Grade:  ★★★★-<  (out  of  five) 


The  scoop:  Gateway  Convertible  Notebook  (CX200x),  about  $1,400,  by  Gateway 
What  it  is:  The  Gateway  Convertible  Notebook  is  a  study  in  contrasts.  It  has  a  14- 
inch  widescreen  display,  one  of  the  first  tablets  we’ve  seen  with  that.  Since  this  is  a 
tablet,  users  will  want  to  write  on  the  screen  and  carry  it  around.  Because  the  larg¬ 
er  display  creates  a  heavier  notebook,  this  works  against  the  concept  of  a  tablet. 

Features  we  tried  include  the  Windows  XP  Tablet  PC  Edition,  an  Intel  Pentium  M 
processor  740  (1.73  GHz),512M  bytes  of  RAM, a  60G-byte  hard  drive  and  multiple- 
card  reader  (including  Memory  Stick,  Memory  Stick  Pro,  MultiMedia  Card,  Secure 
Digital,  XD  Picture  Card,  Mini  Secure  Digital  and  RS-MultiMedia 
Card  formats). The  system  offers  an  8x-speed  DVD  writer  optical 
drive  (+/-R  and  +/-RW  as  well  as  CD-RW  options),  a  Type  II  PC 
Card  slot,  three  USB  2.0  ports,  an  IEEE  1394  (FireWire)  port  and 
VGA  output.  Connectivity  options  include  integrated  wireless 
(802. 1 1  b/g) ,  Gigabit  Ethernet  and  aV92  modem. 

Why  it’s  cool:  If  you’re  OK  with  a  heavier  tablet  or  don’t  want  to 
use  the  tablet  functions  and  just  enjoy  the  14-inch  widescreen  dis¬ 
play  you  can’t  go  wrong.  The  convertible  option  lets  you  work  the 
machine  as  a  regular  notebook,  then  swivel  the  screen  around  on 
itself  when  you  want  to  write  on  it.The  multiple-card  reader  let  us 
quickly  access  digital  images  and  other  files  stored  on  our  memo¬ 
ry  cards,  eliminating  the  need  for  a  separate  card-reader  device. 

Some  caveats:  If  you  plan  on  using  the  device  more  as  a  tablet 
(where  you  need  to  carry  it  around  and  write  on  the  screen  a 
lot), you  might  want  to  look  for  a  lighter  unit. 

Grade:  ★★★★ 


The  Palm  TX  handheld  has  the  per¬ 
fect  melding  of  business  and  con¬ 
sumer  features. 


Now  on  video!  Check  out  the  new  Cool  Tools  Happy  Hour 
videocast,  where  Keith  Shaw  takes  a  look  at  the  lighter  side  of 
high  technology.  There  are  new  episodes  every  week  at  www.net 
workworld.com. 
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THE  ONLY  WAY  TO  DO  BUSINESSV 
OUT  OF  THE  OFF  CE  IS  WITH 
MULTIPLE  MOBILE  DEVICES. 
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GET  YOUR  FREE  COPY  OF  “MOBILE  WORKFORCE  FOR  DUMMIES”  AT  AVAYA.COM/DUMMIES 


AVAYA  IP  TELEPHONY  GIVES  YOU 
SINGLE-DEVICE  MOBILITY,  LIKE 

HONE. 


AVAyA 

COMMUNICATIONS 
AT  THE  HEART  OF  BUSINESS 


©2005  Avaya  Inc.  AH  Rights  Reserved.  Avaya  and  the  Avaya  Logo  are  registered  trademarks  of  Avaya  Inc.,  and  may  be  registered  in  certain  jurisdictions.  All  other  trademarks  are  the  property  ol  their  respective  owners 
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New  satellite  era: 
Portable  bwdband 

One  of  the  topics  creating  a  buzz  at  the  recent  SatCon 
satellite  conference  in  New  York  was  the  imminent 
launch  of  an  Inmarsat  satellite  that  will  deliver 
broadband  connections  to  magazine-sized  portable 
transceivers. 

The  6-ton  Atlantic  Ocean  Region  1-4  satellite  was  sched¬ 
uled  to  lift  off  last  Friday  Once  tested,  it  will  serve  as  the 
platform  for  Inmarsat’s  new  Broadband  Global  Area  Net¬ 
work  (BGAN)  service,  enabling  small,  battery-powered 
portable  terminals  to  support  492K  bit/sec  data  rates  and 
separate  voice  traffic. 

The  Atlantic  Ocean  satellite  will  serve  the  Americas  when 
service  is  turned  on  in  April,  complementing  an  identical 
bird  parked  over  the  Indian  Ocean  that  will  service  Europe, 
Africa  and  most  of  the  Far  East,  when  it  comes  online  Nov. 
16.  (If  all  goes  as  planned,  Inmarsat  will  launch  a  third  satel¬ 
lite  over  the  Pacific  in  late  2006.) 

Use  of  high-powered,  focused  spot  beams,  along  with  a  25 
times  improvement  in  sensitivity,  is  what  makes  use  of 
small,  low-powered  terminals  possible. 

A  handful  of  companies  are  building  the  terminals, 
including  Hughes,  Nera  and  Thrane  &Thrane.  Data  rates 
vary  by  terminal  type,  with  a  maximum  of  492K  bit/sec 
shared,  meaning  data  rates  drop  as  more  users  log  on 
(if  hot  spots  develop,  Inmarsat  says  it  can  aim  more 
beams  at  a  given  area).  Billing  is  for  megabytes  trans¬ 
mitted.  Customers  also  will  be  able  to  reserve  data  chan¬ 
nels  of  32K,  64K,  128K  or  256K  bit/sec,  with  billing  based 
on  session  duration. 

Voice,  which  is  handled  on  a  separate  3. 1-KHz  channel,  is 
said  to  be  almost  toll  quality  Both  dial-in  and  dial-out  are 
supported,  as  are  a  host  of  common  features,  such  as  caller 
ID,  call  forwarding  and  voice  mail. 

Thrane  &  Thrane’s  new  $2,850  Explorer  500  is  8.5  inches 
square,  2  inches  thick  and  weighs  less  than  3  pounds.  It 
has  an  RJ-1 1  telephone  port,  an  RJ-45  LAN  port  and  can 
be  powered  by  its  internal  battery  for  as  long  as  1.5  hours 
when  the  unit  is  transmitting  full  time  at  144K  bit/sec.The 
maximum  shared  data  rate  is  464K  bit/sec  down  and 
448K  bit/sec  up,  with  reserved  speeds  of  32K.64K  or  128K 
bit/sec. 

Transmission  costs  are  just  emerging,  but  are  said  to  range 
from  about  $3.50  to  $7.50  per  megabyte. 

While  that  seems  expensive, some  buyers  at  SatCon  were 
eager  to  test  BGAN.  One  said  privately  that  he  could  see 
buying  5,000  terminals  if  they  would  enable  his  field  per¬ 
sonnel  to  service  customers  directly  from  their  homes, 
negating  the  need  for  local  offices. 


Bridging  the  disconnect 

Regarding  “ISP  spat  leaves  customers  disconnected” 
(www.networkworld.com,  DocFinder:  9548):  If  two 
ISPs  de-peer,  their  users  should  not  fall  out  of  con¬ 
nectivity  Instead, each  ISP  should  use  a  third  party  to 
route  packets  addressed  to  the  other  ISP’s  customers 
and  accept  packets  addressed  to  their  own  cus¬ 
tomers  if  they  are  delivered  to  any  still  working  peer¬ 
ing  interface.  Failure  to  do  this  (or  an  adequate  sub¬ 
stitute)  breaches  the  ISPs’  explicit  or  implied  con¬ 
tract  with  their  customers. 

In  this  case,  Level  3  should  have  begun  forwarding 
its  customers’  packets  to  Cogent  via  other  carriers 
the  moment  the  direct  link  was  cut,  while  Cogent 
should  have  rerouted  as  soon  as  it  found  out  the  link 
was  down  and/or  its  customers’  packets  weren’t  get¬ 
ting  through  —  and  should  have  been  ready  to 
switch  when  it  knew  its  peering  agreement  was 
expiring  without  renewal. 

The  story  doesn’t  give  enough  detail  to  know  who 
dropped  the  ball  —  and  thus  is  responsible  for  drop¬ 
ping  the  packets.This  information  should  have  been 
dug  up  and  published.Then  customers  would  know 
which  carrier  let  its  customers  down  and  whether 
either  carrier  did  its  best  —  short  of  knuckling  under 
on  unreasonable  peering  contract  terms  —  to  keep 
its  customer  commitments.  Customers  need  this 
information  so  they  can  make  an  informed  decision 
on  their  future  selections  of  carriers  and  contracts. 

Michael  McClary 
San  Jose 

Utility  futility 

Regarding  “IT  guru  extols  utility  computing  use” 
(DocFinder:  9549):  We’ve  already  had  utility  comput¬ 
ing  available  from  a  company  called  Aristasoft  —  an 
application  service  provider  with  Oracle  engineers 


on  staff  to  debug  clients’ work.  Aristasoft  offered  soup- 
to-nuts  delivery  if  you  wanted  it.  Sad  to  say  the  com¬ 
pany  imploded  like  other  dot-coms,  but  had  the 
sense  to  close  up  shop  with  money  still  in  the  bank. 

Few  organizations  are  ready  to  put  their  propri¬ 
etary  data  into  the  hands  of  a  company  in  which 
they  don’t  control  the  equipment  or  the  staff  respon¬ 
sible  to  support  their  needs.  If  you  outsource  your 
data  center,  whom  do  you  manage?  Sounds  career- 
limiting  to  many  people.  If  a  utility  service  provider 
has  20,000  customers,  just  how  important  is  your  cor¬ 
rupted  Oracle  database  to  them? 

Brian  Kinney 
Albuquerque,  N.M. 

Simplify,  simplify 

Regarding  Howard  Anderson’s  column  “Curmudg¬ 
eons  of  the  world,  unite”  (DocFinder:  9550): 
Although  I  do  not  fall  into  Anderson’s  age  group 
yet,  I  too  do  not  need  any  more  buttons  and  menus 
in  my  life. 

What  really  caught  my  eye  was  Anderson’s  com¬ 
ment  about  his  Razr  phone.  My  first  impression  of 
this  thing  was  that  finally  they  made  a  simple  phone 
that  will  fit  in  my  pocket.The  last  thing  I  want  is  a  lot 
of  electronic  gizmos  hanging  off  my  belt.  Alas,  it 
seems  that  all  the  other  gadgets  have  been  com¬ 
pressed  into  this  phone  and  the  buttons  are  labeled 
with  techno-speak  symbols. 

Unfortunately,  I  long  for  the  simplicity  that  is  only 
attained  in  fantasy:  Captain  Kirk  never  dialed  his 
communicator  and  was  happier  for  it. 

John  Russo 
North  Haven,  Conn. 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief.  Network  World,  1 1 8  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 
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Find  out  what  readers  are  saying  about  these  and  other  topics.  DocFinder:  1030 


—  John  Dix 
Editor  in  chief 
jdix@nww.com 
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Ira  Brodsky 


Get  ready  for  mobile  marketing 


The  main  takeaway  from  the  recent  CTIA 
Wireless  IT  &  Entertainment  show  is  clear: 
Your  cell  phone  is  about  to  become  a 
handheld  information  and  entertainment  cen¬ 
ter.  The  implications  for  companies  are  poten¬ 
tially  huge.  The  mobile  phone  is  positioned  to 
become  the  dominant  e-commerce  platform. 

There  are  more  than  2  billion  mobile  phone 
users  worldwide. The  number  of  mobile  phones 
sold  each  year  —  more  than  600  million  — 
dwarfs  the  number  of  PCs  sold.  Efforts  are 
underway  to  develop  handsets  costing  less  than 
$30  to  lure  the  next  billion  users. 

Mobile  phone  operators  are  sitting  on  a  mar¬ 
keting  gold  mine.  Privacy  concerns  aside,  they 
know  whom  you  call,  when  you  call,  where  you 
call  from  and  how  much  you  spend  calling. 
Locating  technology  lets  merchants  reach  out 
to  potential  customers  who  happen  to  be  in  the 
vicinity.  Although  pundits  demand  total  privacy 
the  average  consumer  might  be  willing  to  trade 
a  little  privacy  for  lower  phone  rates  and  some 
cool  applications. 

The  mobile  phone  operator’s  most  valuable 
asset  is  its  billing  system.  These  systems  handle 
millions  of  subscribers  and  hundreds  of  mil¬ 
lions  of  small  transactions  every  month.  Ring 


tone  and  mobile  game  providers  are  exploiting 
mobile  billing  systems.  Inevitably,  subscribers 
will  be  able  to  purchase  other  products  and  ser¬ 
vices  by  tacking  the  charges  onto  their  mobile 
phone  bills. 

Third-generation  wireless  systems  capable  of 
delivering  music  and  video  to  mobile  handsets 
are  finally  arriving.  People  are  not  going  to 
watch  two-hour  movies  on  tiny  screens,  but  they 

Mobile  marketing  will  play 
out  much  like  Internet  PC 
marketing. 

will  watch  short  videos.  Some  of  these  videos 
will  be  subsidized  by  advertisers.  Others  will 
leave  us  wondering  whether  what  we  just  saw 
was  entertainment  or  a  sales  pitch  —  or  both. 

Some  unique  mobile  marketing  applications 
are  emerging.  Semacode  has  developed  a  tech¬ 
nology  that  connects  camera  phone  users  to  a 
vendor’s  Web  site  when  they  point  the  camera  at 
a  special  bar  code  containing  the  URL  and 
clicks.  Mobot  takes  that  concept  a  step  further 
with  its  visual  search  technology:  The  user  pho¬ 


tographs  a  product  label  and  is  connected  to 
related  information  and  offers. 

The  two  biggest  obstacles  to  mobile  marketing 
are  privacy  and  ease  of  use.  With  billions  of 
mobile  phone  subscribers,  however,  it’s  a  safe 
bet  that  hundreds  of  millions  of  users  will 
accept  some  targeted  marketing  in  exchange 
for  service  discounts  or  other  perks. 

Dozens  of  companies  are  working  to  trans¬ 
form  devices  with  small  screens  and  numeric 
keypads  into  powerful  e-commerce  terminals. 
Some  are  reducing  the  number  of  key  clicks 
required  per  transaction.  Others  are  harvesting 
key-click  data  to  make  applications  more  intu¬ 
itive  and  appealing. 

Mobile  marketing  will  play  out  much  like 
Internet  PC  marketing.There  will  be  a  mad  dash 
to  attract  and  retain  “ears.”  There  will  be  some 
silly  business  models.  And  there  will  be  many 
failures  along  the  way.  But  there  also  could  be 
another  eBay  out  there.  Companies  should 
approach  this  new  marketing  medium  with  a 
mixture  of  skepticism  and  respect. 

Brodsky  is  president  of  Datacomm  Research  in 
St.  Louis.  He  can  be  reached  at  ibrodsky@data- 
commresearch.  com. 


CACHE  ADVANCE 
Linda  Musthaler 


Banking  on  two-step  authentication 


Ido  my  banking  and  money  management  with 
a  U.S.-based  global  financial  planning  com¬ 
pany.  Like  most  such  companies,  this  one  is 
pushing  its  customers  toward  the  Web  for  con¬ 
ducting  transactions.  Self-service,  in  the  form  of 
online  bill  paying  and  account  management,  is 
far  more  cost-effective  than  having  lots  of 
branches  and  people  in  the  field. 

1  don’t  mind,  because  I  like  self-service  for  its 
convenience.  But  I’ve  soured  on  the  idea  of 
using  a  PC  to  access  my  funds.  Proliferating 
phishing  schemes  and  spyware  (such  as  key¬ 
stroke  loggers)  make  it  risky  for  people  to  access 
their  accounts  over  the  open  Internet.  It  makes 
me  nervous  to  think  that  others  are  only  a  user 
ID  and  password  away  from  my  total  portfolio. 

I  expressed  my  concerns  to  my  financial  man¬ 
ager,  asking  if  his  company  offers  customers  two- 
step  authentication. That  led  to  a  discussion  with 
a  security  officer  from  the  IT  department,  who 
told  me  that  the  company  is  investigating  how 
and  even  whether  it  would  implement  two-step 
authentication. She  said  it  is  at  least  a  year  away 
“Most  of  our  customers  don’t  want  it,”  she  said. 
“They  think  it’s  bad  enough  they  have  to  enter  a 
password  twice  to  get  into  their  accounts.”What’s 
worse  is  that  she  told  me  that  this  reaction  is  the 
norm  for  her  industry  in  the  United  States. 

I  was  stunned.  Surely  I’m  not  the  only  con¬ 
sumer  to  read  the  headlines  about  identity  theft 
and  unauthorized  access  to  private  information 
online.  I  can’t  be  the  first  person  who  wants 
something  a  bit  more  secure  than  a  single  pass¬ 


word  to  move  my  money  around.  These  issues 
aren’t  new  to  the  security  officer.  She’s  well 
aware  of  the  potential  for  problems  and  the 
need  for  stronger  security  In  her  defense,  I’d  have 
to  say  that  her  company  has  tied  her  hands, 
claiming  that  customers  prefer  convenience 
over  confidence. 

This  is  exactly  the  kind  of  thinking  that  leads  to 
headlines  screaming, “Thousands  of  accounts  at 
XYZ  bank  are  compromised  when  identity 
thieves  steal  password  information.”  CEOs  seem 
more  concerned  with  controlling  costs  than  sell¬ 
ing  security  as  a  feature. 

I  don’t  think  our  financial 
institutions  give  us 
enough  credit. 

What  I’m  asking  for  is  not  complicated,  and  it 
doesn’t  have  to  be  costly.  I  want  my  financial 
company  to  have  an  additional  way  to  identify 
me  before  it  gives  me  full  access  to  my  money 
via  the  Internet.  A  token,  secure  card  or  even  a 
single-use  password  would  make  me  feel  better. 
I’d  even  be  willing  to  pay  for  it.  The  bank  has 
already  given  me  a  card  to  use  at  the  automated 
teller  machine,  forcing  me  to  know  something 
(my  password)  and  have  something  (my  card) 
at  the  same  time.  Can’t  I  have  something  similar 
at  home? 

European  financial  companies  have  long 
known  the  benefits  of  two-step  authentication 


and  have  devised  several  simple  solutions.  One 
German  bank,  for  instance,  issues  its  customers  a 
hard-copy  list  of  transaction  authorization  num¬ 
bers  (TAN) .The  TANs  are  six  digits  and  appear  to 
be  randomly  selected,  which  makes  them  hard 
to  guess.To  make  a  transaction  online, customers 
must  log  on  using  their  regular  user  ID  and  pass¬ 
word. Then  they  must  enter  an  unused  TAN  from 
their  list.  If  they  enter  a  TAN  that  they  have  previ¬ 
ously  used  or  that  is  not  on  their  list,  their  trans¬ 
action  won’t  go  through. This  may  seem  to  be  an 
elementary  form  of  security,  but  it  is  inexpensive 
to  deploy  easy  for  the  consumer  to  understand 
and  better  than  nothing. 

Some  European  banks  provide  customers  with 
a  secure  ID  card,  which  generates  a  random  key 
that  the  customer  must  authenticate  to  enact  a 
transaction.  Another  European  solution  is  for  a 
bank  to  issue  temporary  transaction  numbers 
and  send  them  via  Short  Message  Service  to  cus¬ 
tomers’  cell  phones  when  they  press  the  money- 
transfer  button. 

Our  society  is  becoming  more  tech-sawy,  and  I 
don’t  think  our  financial  institutions  give  us 
enough  credit  when  they  say  we  don’t  want  solu¬ 
tions  such  as  these  because  they’re  too  compli¬ 
cated.  Not  only  should  we  want  two-step  authen¬ 
tication,  we  should  demand  it  or  take  our  busi¬ 
ness  elsewhere. 

Musthaler  is  vice  president  of  Currid  & 
Company,  a  Houston  technology  assessment  firm. 
She  can  be  reached  at  linda@currid.com. 


NetlQ  best  at  moving 
Microsoft  group  policy  along 

BY  MANDY  ANDRESS,  NETWORK  WORLD  LAB  ALLIANCE 

For  better  or  worse,  Microsoft’s  Active  Directory  frequently  serves  as  a  central 
repository  for  security  policy  information  for  organizations  that  widely 
deploy  Windows  2000  and  2003  as  a  core  server  operating  system.  Yet, 
Microsoft’s  out-of-the-box  policy  administration  tools  are  limited  in  scope 
and  do  not  meet  the  rigorous  security  auditing  requirements  of  today's 
compliance-driven  corporate  atmosphere. 


In  this  Clear  Choice  test,  we  examine  sets  of  tools  that 
greatly  expand  Active  Directory  Group  Policy  administra¬ 
tion,  providing  assistance  with  access  control,  reporting, 
change  management  and  security  auditing  functionality 
Of  the  four  vendor  submissions  to  this  test  —  GPOVault 
from  Desktop  Standard;  Group  Policy  Guardian  (GPG)  and 
Group  Policy  Administrator  (GPA)  from  NetlQ;  Group 
Policy  Manager  and  Intrust  for  Active  Directory  from  Quest 
Software;  and  Active  Administrator  from  ScriptLogic 
Corporation  —  NetIQ’s  package  is  our  Clear  Choice  winner 
based  on  its  breadth  of  features,  with  specific  prowess  in 
auditing  and  change  management. 

Quest  was  our  runner-up  because  it  was  easier  to  use 
than  the  NetlQ  products,  but  lacked  some  of  the  major 
components,  such  as  what-if  analysis  for  offline/test  poli¬ 
cies  and  snapshot-in-time  reports. 

Our  testing  honed  in  on  how  well  these  products  assisted 
with  policy  administration  and  tracking  security  compli¬ 
ance  via  change  management,  reporting,  auditing  and 
administration  functions.  Our  assessment  of  change  man¬ 
agement  focused  on  how  well  the  products  maintained  a 
controlled,  trusted  state  for  each  policy  with  mechanisms 
such  as  version  control,  approval  workflow,  change  notifi¬ 
cation  and  rollback. 

We  looked  for  format  flexibility  in  reporting  tools  beyond 
what  Microsoft  offers  with  its  Microsoft  Management 
Console  (MMC)  snap-in.  For  example,  we  wanted  the  abili¬ 
ty  to  create  comparisons  between  Group  Policy  versions, 
view  current  policy  settings  and  run  Resultant  Set  of 
Policies  (RSoP)  reports,  analysis  information  showing  the 
full  implementation  of  a  policy 
A  successful  audit  for  this  test  meant  we  could  see  a  com¬ 
plete  trail  of  changes.  We  also  wanted  the  ability  to  see  what 
policy  was  in  effect  at  a  specific  point  in  time.  Admin¬ 
istration  focused  on  core  functionality  to  manage  Group 
Policy  including  detailed  access  control,  offline  or  what-if 
analysis,  policy  backup/archive  and  overall  ease  of  use. 

Each  product  contains  similar  base  reporting,  change  his¬ 
tory  and  change  control  functionality,  but  all  were  imple¬ 
mented  differently  Some,  such  as  DesktopStandard,  add 
directly  onto  Microsoft  administration  tools,  while  others, 


such  as  NetlQ,  provide  a  completely  different  administra¬ 
tion  console.  NetlQ  watches  existing  audit  logs  while  Quest 
watches  the  Active  Directory  events  directly  NetlQ  uses  its 
own  internal  access-control  system, while  ScriptLogic  relies 
on  native  Active  Directory  permissions.  Finally  ScriptLogic 
makes  changes  directly  to  Active  Directory  while  Desktop 
Standard  implements  a  proxy  No  approach  is  right  or 
wrong,  but  each  has  a  different  effect  on  an  environment. 

NetlQ 

NetlQ  submitted  two  products:  GARwhich  provides  group 
policy  and  change  management  functions;  and  GPG, 
which  relies  on  native  Active  Directory  auditing  to  monitor 
group  policy  changes  and  sends  alerts  on  the  activity  as 
configured. 

We  installed  GPA  and  GPG  on  an  Active  Directory 
domain  member  server  running  SQL  Server  and  all 
required  prerequisites. The  console  is  an  MMC  snap-in  with 
all  the  Windows  look  and  feel  that  implies.  We  imported  the 
full  Group  Policy  for  our  test  domain  via  the  command-line 
tool  provided  with  GPA.  We  would  like  to  see  this  function¬ 
ality  be  directly  available  via  the  product’s  GUI.  Policies  are 
then  copied  to  an  offline  SQL  Server  repository  so  changes 
can  be  tested  and  approved  before  moving  to  production. 

GPG  comprises  several  components  —  database,  report¬ 
ing,  server,  collector  and  console.  The  reporting  module 
analyzes  the  data  in  the  database  and  renders  the  request 
reports.  The  server  analyzes  the  changes  made  to  Active 
Directory  and  sends  them  to  the  database.  The  collector 
watches  the  raw  Active  Directory  events  (specifically 
Microsoft  event  IDs  560,  565  and  566)  and  determines 
whether  they  should  be  sent  to  the  server.  Finally  the  con¬ 
sole  provides  the  administration  interface.  GPG  also 
includes  connectors  to  monitoring  products  such  as 
Microsoft  Operations  Manager  and  NetIQ’s  Security  Man¬ 
ager  and  AppManager. 

GPG  provided  the  best  audit  trail.  GPG  can  also  integrate 
with  GPA  to  alert  on  authorized  and  unauthorized  changes 
to  Active  Directory  to  further  boost  the  audit  trail. 

Version  control,  handled  via  GPA,  is  excellent  because  it 
creates  specific  version  numbers  for  each  policy  check-in. 


We  were  able  to  easily  identify  checked-out  policies  by 
noticing  an  icon  change.  Change  notifications  are  available 
in  GPA,  but  only  by  email.  GPG  adds  additional  alerting 
functionality 

GPA  uses  its  own  internal  security  model  for  setting  up 
and  maintaining  access  control.  GPA  reports  are  easy  to 
access,  but  generated  only  in  HTML.  We  would  like  to  see 
PDFs  offered.  It  also  was  difficult  to  quickly  tell  what 
changes  were  made  in  differential  reports. 

A  command-line  tool  is  available  to  create  a  report  show¬ 
ing  the  GPA  policy  in  place  at  any  time  —  a  useful  feature 
that  should  be  incorporated  into  the  GUI  front  end.  RSoP 
reporting  is  also  available. 

Back-up  policies  were  very  flexible,  providing  the  ability 
to  back  up  full  policies  or  specific  objects.  Additionally  a 
full  backup  was  taken  before  any  new  policies  were 
pushed  to  production  should  we  have  needed  to  facilitate 
a  rollback.  We  could  roll  back  any  policy  through  viewing 
the  history  GPA  provided. 

One  especially  appealing  feature  of  the  NetlQ  product  is 
the  export  override  service  account,  which  gives  a  directo¬ 
ry  administrator  the  ability  to  give  permissions  to  modify  a 
production  Active  Directory  to  a  limited  account  set.  NetlQ 
also  has  the  unique  ability  to  perform  health  checks 
against  the  Active  Directory 

Quest  Software 

Quest  submitted  Group  Policy  Manager  and  Intrust  for 
Active  Directory  Group  Policy  Manager  provides  directory 
administration  tools.  Intrust  for  Active  Directory  —  which  is 
based  on  Quest’s  log  collection  and  alerting  product 
Intrust  for  Windows  —  stores  group  policy  events  in  a  SQL 
Server  database  and  generates  alerts  and  reports  on  the 
entries  when  queried  to  do  so.  Quest’s  approach  does  not 
require  Active  Directory  auditing  to  be  enabled  to  gather 
logs,  but  relies  on  its  own  agent  sitting  on  the  domain  con¬ 
troller  that  sees  the  events  and  sends  them  to  the  database. 

We  installed  both  products  on  a  domain  member  server 
without  issue. 

Quest  could  improve  the  detail  of  its  access  control  with¬ 
in  Group  Policy  Manager.  As  many  as  four  groups  are 
assigned  to  particular  roles  with  varying  privileges  when  it 
comes  to  policy  management.  Other  products  we  tested  let 
us  set  access  control  per  object  down  to  a  specific  user. 

The  version  control  and  check-in/check-out  functionality 
of  Group  Policy  Manager  was  the  best  we  tested.  Version 
numbers  are  assigned  to  each  modified  policy  in  incre¬ 
ments  of  .1  until  a  new  version  is  officially  approved  and 
rolled  to  production,  and  is  registered  as  a  full  version  num¬ 
ber.  Checked-out  policies  are  moved  to  a  separate  folder, 
where  they  sit  while  changes  await  approval.  Policies  can 
be  exported  for  offline  testing,  but  the  test  functionality  is 
not  built  in  to  the  product. 

You  can  tap  into  the  rollback  functionality  via  the  com¬ 
pliance  wizard  program  within  the  Group  Policy  Manager 
interface.  Running  this  wizard  compares  the  current  GPO 
against  the  offline  version  expected  to  be  in  production.  If 
any  discrepancies  are  identified  and  reported  by  the  wiz¬ 
ard, you  can  choose  to  roll  back  to  previous  versions  of  the 
policy  listed  in  the  history  tab. 

The  reports  served  up  by  Group  Policy  Manager  in  an 
HTML  format  could  be  easier  to  read,  and  we  found  that 

See  Group  policy,  page  48 
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Danger  lurks  within  your  company.  The  warning  signs  are  right  there  in  front  of  you.  Like  confidential  data  that's  more  valuable  than  ever. 
And  a  perimeter  that's  highly  vulnerable.  It's  the  formula  for  a  data  breach.  If  it  happens,  it  could  be  devastating.  Enter  EpiForce'”  from 
Apani  Networks™.  It's  built  from  the  ground  up  to  secure  inside  the  enterprise.  It's  highly  scalable  and  secures  your  data  regardless 
of  your  platforms.  Let's  face  it,  hiding  from  an  internal  data  breach  won't  protect  you.  But  EpiForce  will. 

To  learn  more  about  securing  inside  the  network  perimeter,  get  a  free  copy  of  'The  Definitive  Guide  to  Security  Inside 
the  Perimeter "  from  realtimepublishers.com,  sponsored  by  Apani  Networks.  Go  to  www.apani.com/nwguide 
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tel  Results  GROUP  POLICY  MAC  TOOL 


Product 

Group  Policy  Guardian 
2.0,  Group  Policy 
Administrator  4.6 

Group  Policy  Manager 
2.0,  InTrust  for  Active 
Directory  8.5 

Active  Administrator 
4.02 

GPOVault  2.1 

Vendor 

NetlQ 

www.netiq.com 

Quest  Software 

www.quest.com 

ScriptLogic 

www.scriptlogic.com 

Desktop  Standard 

www.desktopstandard 

.com 

Price 

Group  Policy 
Administrator  starts  at 
$900  per  100-user  pack; 

Group  Policy  Manager 
is  $8  per  user  account. 
InTrust  for  Active 
Directory  is  $12  per 
managed  user  account. 

$12  per  seat. 

GPOVault  Enterprise 
Edition  starts  at  $1,400 
per  managed  domain. 

NETWORKWORLD  gfl| 

»  user  pacK. 

Pros 

Best  all-around 
functionality  for  group 
policy  management; 
complete  audit  trail 
available  in  easy-to- 
understand  format. 

Excellent  change 
management  module; 
intuitive,  easy-to-use. 

Detailed  rollback 
functionality. 

Excellent  report 
formats. 

Cons 

Report  format  could  be 
improved. 

Report  format  could  be 
improved;  access 
control  not  as  detailed 
as  other  products. 

Does  not  include 
workflow  management. 

Accessibility  to  audit 
trail  could  be  greatly 
improved. 

Score 

4.38 

3.88 

3.75 

2.88 

The  Breakdown 

NetlQ 

Quest  Software 

ScriptLogic 

DesktopStandard 

Change  management  25% 

5 

4.5 

3 

4 

Reporting  25% 

3.5 

4 

4.5 

3 

Auditing  25% 

5 

4 

4 

2 

Administration  25% 

4 

3 

3.5 

. : . 1. 25 

Total  scon 

4.38 

3.88 

3.75 

j  2.88 

Scariig  Kty:  5:  Exceptional:  4:  Very  good;  3:  Average;  2:  Below  average;  1:  Subpar  or  not  available 
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continued  from  page  46 

identifying  differential  information  is  not  as  clear  as  it 
could  be.  With  Group  Policy  Manager,  you  select  compari¬ 
son  reports  from  a  drop-down  list;  with  other  products  we 
tested, you  highlight  two  policies  with  the  mouse. While  not 
a  significant  difference,  the  latter  method  is  easier  to  use. 

intrust  for  Active  Directory  provides  a  full  audit  trail  of 
changes,  but  you  can  get  a  snapshot  of  data  only  by  review¬ 
ing  individual  policy  historyYou  have  to  review  the  history 
of  each  group  policy  to  see  what  is  in  place  at  any  point  in 
time.You  then  have  to  perform  differential  analysis  on  each 
policy  to  see  what  has  changed  from  point  to  point.  RSoP 
reports  are  available,  but  testing  what-if  scenarios  are  not. 

ScriptLogic 

Active  Administrator,  while  a  strong  product  overall,  lacks 
workflow  for  approving  policy  changes  and  uses  a  tabbed 
console  that  is  more  cluttered  and  not  as  intuitive  as  other 
products  we  tested. 

We  installed  Active  Administrator  on  a  domain  member 
server  and  installed  the  necessary  agent  on  the  domain 
controller  without  issue. We  used  the  built-in  Microsoft  SQL 
Server  2000  Desktop  Engine  database  for  storing  log  events. 

Active  Administrator  requires  that  Active  Directory  audit¬ 
ing  be  enabled  on  the  domain  controllers  and  agent  soft¬ 
ware  running  on  those  machines  then  collect  and  read 
entries  from  the  security  event  log.  Administrators  deter¬ 
mine  which  events  trigger  alerts  that  then  can  be  sent  by  e- 
mail  to  designated  addresses. 

Version  control  is  tracked  by  date/time  stamp  and  is 
accessed  through  the  policy  history  interface. Versions  are 
not  assigned  easily  referenced  labels  or  numbers.  Policies 
can  be  checked  out  to  the  offline  repository  stored  on  the 
local  file  system  for  testing,  but  GPO  Vault  does  not  include 
a  workflow  process  to  approve  changes  before  they  are 
submitted  to  production.  Policy  changes  are  made  directly 
in  Active  Directory  with  standard  access  rights  limiting  who 
has  the  ability  to  make  those  changes. 

Rollback  is  available  and  proved  to  be  very  detailed,  pro¬ 
viding  support  to  rollback  down  to  specific  objects. 
Backups  can  be  made  at  the  individual  object  level  and 
automated  to  run  at  set  intervals.  Both  processes  were  very 
quick  in  our  test  environment. 

Reports  are  available  in  multiple  formats,  but  they  are 
essentially  formatted  log  entries  and  did  not  provide  a 
means  to  quickly  identify  specific  changes.  RSoP  reports 
are  available  and  include  what-if  analysis. 

The  raw  log  file  of  changes  is  available  as  an  audit  trail, 
but  we  would  like  to  see  a  more  formatted  report  with  eas¬ 
ily  identifiable  information. 

DesktopStandard 

GPOVault  shows  a  lot  of  promise,  but  needs  some  addi¬ 
tional  features,  such  as  integrated  RSoP  reporting,  what-if 
analysis,  detailed  audit  trail  reports  and  snapshot-in-time 
reports  to  compete  in  the  enterprise. 

GPOVault  —  which  runs  as  a  service  on  a  member  serv¬ 
er  and  acts  as  a  proxy  for  making  changes  to  Active 
Directory  —  focuses  on  extending  the  functionality  of 
native  Active  Directory  tools,  even  relying  on  Microsoft’s 
standard  group  policy  management  console.  GPOVault 
brings  additional  tabs  to  the  standard  Active  Directory 
interface,  including  some  that  present  historical  data  for 
policies,  add  extensions  for  all  objects  and  offer  a  change 
control  folder  for  each  domain. 

GPO  Vault  provides  four  access  levels  —  Administrator, 
Approver,  Reviewer  and  Editor  —  that  give  detailed  access 
control  options  down  to  the  per-policy  level. 

We  found  that  date/time  stamps  number  policy  versions 


only  We’d  prefer  to  have  easily  referenced  unique  version 
numbers  assigned.A  separate  number  identifies  computers 
and  users  that  make  changes,  but  we  were  not  able  to  find 
a  way  to  easily  associate  the  number  with  a  specific 
machine  name. 

Check-in/Check-out  is  available  via  icons  that  easily  iden¬ 
tify  the  state  of  a  policy  A  workflow  mechanism  is  available 
that  entails  moving  policies  to  a  pending  folder  when  they 
are  ready  for  approval.  Rollback  is  simply  accomplished 
through  the  policy  history  tab. You  select  a  policy  and  click 
deploy  Full  policy  backups  are  available,  but  must  be  run 
manually 

Differential  reports  are  available  and  rated  the  best  of  the 
products  tested.  The  items  were  color-coded,  which 
allowed  us  to  quickly  identify  changes  made  between  ver¬ 
sions.  Reports  are  available  in  HTML  or  XML.  RSoP  report¬ 
ing  and  what-if  analysis  are  not  available  within  the  prod¬ 
uct.  Audit  trail  and  snapshot-in-time  reports  also  are  not 
readily  available.  You  can  piece  together  an  audit  log  and 
snapshot  in  time  by  comparing  different  policy  versions  in 
the  history  section,  but  we  would  like  to  see  specific  reports 
created  for  this  functionality 

Overall,  the  products  we  tested  provide  a  basic  level  of 
functionality  to  improve  group  policy  change  management, 
administration  and  auditing. We  would  like  to  see  improved 
reporting  across  all  products,  specifically  the  ability  to  cre¬ 
ate  custom  reports  on  changes  made  to  a  policy,  using  date 
range,  user,  object  modified  as  options.  NetlQ  lets  you  find 
this  information  via  a  command-line  utility  but  we  would 
like  this  function  included  in  the  reporting  engine. 


We  also  would  like  to  see  improved,  more  flexible  work- 
flow  processes  in  all  products.lt  should  be  possible  to  cus¬ 
tomize  workflows  for  different  organizational  processes. We 
would  also  like  to  see  a  different  way  to  identify  the 
changes  that  need  approval. 

Currently  the  best  way  to  see  this  information  is  to  run  a 
differential  report.  We  would  like  to  see  improved  alerting 
methods  such  as  SNMP  traps,  and  not  rely  solely  on  e-mail 
for  notification. 

Group  Policy  administration  tools  may  not  sit  at  the  top  of 
a  security  team’s  request  list,  but  we  found  that  these  prod¬ 
ucts  can  enable  significant  improvements  to  change  man¬ 
agement,  access  control  and  auditing  of  any  Active 
Directory  installation.  Many  of  the  changes  made  to  this 
environment  are  critical  to  an  organization’s  infrastructure 
and  should  be  protected  accordingly 

Andress  is  president  ofArcSec  Technologies,  a  security  com¬ 
pany  focusing  on  product  reviews  and  analysis.  She  can  be 
reached  at  mandy@arcsec.com. 
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REPELS  INTRUDERS, 
EMBRACES  SIP  PROTOCOL 


Moving  to  VoIP  shouldn’t  create  security  issues  for  your  business.  It 
should  eliminate  them.  That’s  why  the  Zultys  MX250  IP  PBX  runs  on 

a  real-time  Linux  operating  system  that  is 
secure  and  not  vulnerable  to  attack  And, 
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since  encryption  is  a  standard  feature,  it  is  impossible  for  anyon  to  in 
sensitive  communications,  I  st  of  all,  the  Zi  tys  MX250  does 
straight  out  of  the  box.  To  learn  more  about  Z  U 

adding  secure  VoIP,  access  www.zultys.com/nw. 
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$4,000  for  software,  card  and  one  year  of 
support/updates. 


noisy  airwaves 


Pros:  Rapid  identification  of  noise  sources;  very 
articulate  spectral  displays. 

Cons:  Odd  configuration  management;  weak 
error  handling. 


BY  TOM  HENDERSON,  NETWORK  WORLD  LAB  ALLIANCE 

The  frequencies  that  Wi-Fi  uses  are  unlicensed  and  end  up  being  shared  by 
a  number  of  non-Wi-Fi  products  (such  as  microwave  ovens  and  portable 
phones).  Even  the  5.8-GHz  region  interrupts  the  spectrum  allocated  to 
802.1  la  and,  while  it’s  usually  more  quiet  than  the  2.4-GHz  region,  is  subject 
to  broadband  radio  frequency  noise  that  compromises  signal  quality. 


We  recently  tested  two  new  products:  the  AirMagnet 
Spectrum  Analyzer  (AMSA),  which  can  help  network  engi¬ 
neers  scan  the  airwaves  to  find  interfering  noise  sources; 
and  Network  Chemistry’s  BlueScanner,  which  can  detect 
and  articulate  the  rapidly  growing  number  of  Bluetooth- 
enabled  devices  on  a  network.  Because  these  products 
have  different  goals,  we  gave  them  separate  scores. 

Spectrum  analysis 

The  AMSA  is  a  CardBus  notebook  adapter  that  includes 
its  own  internal  antenna  and  has  an  additional  external 
antenna  attachment.  The  internal  antenna  wasn’t  nearly  as 
good  as  either  the  supplied  external  antenna  or  a  third- 
party  directional  antenna. 

The  card  acts  as  an  analog-to-digital  converter,  which  the 
Spectrum  Analyzer  software  then  analyzes.  The  card  and 
software  track  the  2,4-GHz  to  2.5-GHz  band  (802.1  lb/g) 
and  the  two  portions  of  the  5-GHz  band  (802.11a)  that  are 
reserved  for  unlicensed,  low-power  Wi-Fi  use.  Installing  the 
card  was  simple,  taking  less  than  5  minutes. 


The  AirMagnet  Spectrum  Analyzer  can  monitor  many  different 
wireless  signals,  including  the  sawtooth  pattern  of  Bluetooth. 


With  notebook  in  tow, you  can  walk  around  to  track  down 
noise  sources,  perform  Wi-Fi  air  quality  before  an  installa¬ 
tion  or  reposition  Wi-Fi  gear.  Because  a  wealth  of  informa¬ 
tion  can  be  displayed  on  the  notebook,  the  display  should 
have  a  wider  geometry  than  the  typical  1,024-  by  768-pixel 
resolution  found  on  a  notebook  (see  How  we  did  it,  page 
52).  We  initially  tried  a  notebook  using  this  “low”  resolution 
and  found  that  multiple  display  readout  windows  used  up 
screen  space  quickly. 

The  software  presents  a  blank  area  that  can  be  filled  with 
different  displays,  and  at  the  bottom  of  the  displays  is  a  sta¬ 
tistics  box  where  interference  sources  are  iisted.This  is  the 
key  area  to  watch,  as  the  listing  of  sources  that  pop  up  in 
the  box  are  a  near  real-time  indication  of  the  noise  source 
(and,  likely  its  type). 

Once  the  AMSA  finds  an  interfering  listing,  you  can 
hunt  it  down  methodically  using  a  display  that  finds  the 
device  through  antenna-positioning  manipulation.This  is 
where  a  directional  antenna  becomes  useful  to  find 
sources  quickly.  Some  devices  can  be  found  readily 
(such  as  a  5.8-GHz  FM  wireless  phone),  while  others  are 
sometimes  more  difficult  (such  as  a  leaky  microwave 
oven).  Ease  or  difficulty  of  finding  sources  depends  on 
the  transmission  features:  For  example,  FM  phones  send 
periodic  pulses,  even  when  not  in  use;  a  microwave  oven 
might  be  on  for  3  minutes,  then  off  for  hours.  Hunting 
down  a  source  requires  a  rapid  response,  and  the  opera¬ 
tional  radius  and  sensitivity  of  the  AMSA  make  this  a 
monitoring  rather  than  an  alarm  tool. 

In  testing,  we  wished  that  a  loud  noise  occurred  when 
an  offending  device  was  found  in  the  AMSAs  operational 
perimeter.  And  remote  sensors  with  the  AMSAs  analog-to- 
digital  conversion  might  allow  a  premises  to  be  moni¬ 
tored  over  a  larger  area.  This  is  why  sensitive  and  highly 
directional  antennas  are  a  must-have  for  using  AMSA  in 
reactive  situations. 

We  could  add  differing  display  plots  as  discrete  win¬ 
dows  and  tile  them  within  the  AMSA  display  We  could 
save  each  setup  to  be  recalled  later,  but  were  frustrated 
with  having  to  exit  and  reload  the  program  to  do  this, 
rather  than  simply  pick  the  profile  of  plots  we  wanted 
from  a  menu  of  the  ones  we  had  built.  Building  the  items 
to  put  into  the  plot  display  is  very  easy,  although  if  we 
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chose  something  that  wasn’t  valid  (for  example,  asking 
AMSA  to  display  the  same  spectral  sweep  through  two 
checkbox  choices),  we  didn’t  know  this  was  an  error  until 
we  had  saved  the  profile,  exited  AMSA,  reloaded,  and 
found  an  error  message. 

The  upside  is  that  AMSA  tried  to  load  a  default  plot,  sim¬ 
ilar  to  the  one  we’d  erroneously  designed.  Chosen  in  this 
way  the  default  plots  were  only  occasionally  correct, 
based  on  the  goals  of  the  error  plots  we  designed.  We’d 
rather  see  a  method  that  parses  the  choices  before  saving 
the  plot,  saving  numerous  steps  and  head  scratching. 

We  were  thrilled  to  be  able  to  track  all  IEEE  802.1  Ib/g/a 
frequencies,  not  just  the  ones  that  are  “legal”  in  the  United 
States.  Because  this  is  a  passive  device,  choosing  all  fre¬ 
quencies  is  good;  some  organizations  are  unaware  that 
“illegal”  channels  are  in  use,  because  other  products 
don’t  monitor  them. 

Working  with  the  sweeper 

The  display  we  used  most  was  energy  amplitude  vs.  fre¬ 
quency  which  also  can  have  a  reticule  of  channels  1 , 6 
and  1 1  (or  other  combinations  of  non-interfering 
802.1  lb/g  channels)  overlaid  on  it.  In  turn,  the  display 
samples  at  a  user-defined  rate,  but  the  minimum  scan  rate 
(about  one  sweep  per  second)  gave  us  sufficient  infor¬ 
mation  to  position  our  antennas  to  track  the  noise  or  in¬ 
terfering  signal  sources. 

Each  noise  source  we  found  (wireless  phones,  off-chan¬ 
nel  Wi-Fi  devices  and  microwave  ovens)  was  easily  iden¬ 
tified.  AMSA  also  identified  the  type  of  interfering  object, 
often  correctly  citing  a  wireless  phone’s  brand  and 
model  number. 

Using  the  real-time  Fast  Fourier  Transform  method  of 
viewing  spectral  density,  we  could  use  the  sample-and- 
hold-peak  feature  to  track  transient  noise  spikes  caused 
by  our  broadband  source,  as  well  as  see  other  wave¬ 
forms,  such  as  the  sawtooth  waveform  of  a  Bluetooth 
device  (shaped  that  way  by  Bluetooth’s  frequency-hop- 
ping  nature). The  omni-directional  antenna  supplied  by 
AirMagnet  was  sometimes  not  useful  in  tracking  tran¬ 
sient  noises,  especially  when  coupled  with  the  compar¬ 
atively  slow  spectrum  sample  rate.This  meant  we  had  to 
slowly  wave  the  antenna  (even  the  directional  antenna) 

See  Wi-Fi,  page  52 


A  COLLABORATION  SYSTEM  ONE 
HUNDRED  TIMES  MORE  ELABORATE 

ISN'T  ONE  HUNDRED  TIMES  MORE  EFFECTIVE. 

It’s  time  for  a  collaboration  solution  people  will  use  -  and  can  actually 
manage.  Ipswitch  Collaboration  Suite  is  designed  specifically  for  small- 
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to  spot  the  direction  of  the  noise  source.  In  very  noisy 
environments  (high  activity  with  lots  of  background 
noise),  the  multicolored  display  was  still  easy  to  read 
and  understand. 

AMSA  is  captive  to  Windows  platforms,  a  small  disadvan¬ 
tage.  Its  intelligent  interference  database  ranks  it  above  the 
appliance- based  spectrum  analyzers  available  from  several 
vendors.  Apart  from  the  issue  of  our  having  to  reload  the 
application  for  our  software  setups,  it  is  otherwise  a  well- 
designed  noise-source  detection  product. 

Scanning  for  Bluetooth 

Way  back  when,  unwitting  users  often  had  both  Wi-Fi  and 
file  sharing  turned  on,  transforming  their  PCs  into  acciden¬ 
tally  wide-open  file  servers.  Misconfiguring  Bluetooth  can 
produce  the  same  effect:  PCs  or  handheld  devices  with  in¬ 
correctly  configured  Bluetooth  on  them  often  can  be 
cracked  open  like  an  egg. 

Network  Chemistry’s  BlueScanner,  a  free  download, 
can  find  and  articulate  lots  of  data  about  Bluetooth 
devices  and  what  service  sets  are  available.  In  our  tests, 
BlueScanner  found  every  Bluetooth  device  we  had,  in 
addition  to  all  of  their  exposed  features.  Its  database  of 
devices  is  large  and  articulate.  Fixing  exposed  services  is 
still  up  to  users  or  administrators.  BlueScanner  won’t 
cover  this  for  you. 

There  are  few  useful  Bluetooth  tools,  largely  because  of 
the  slow  uptake  of  Bluetooth  among  PC  makers  and  incon¬ 
sistent  support  from  Microsoft  in  its  versions  of  the  Win¬ 
dows  operating  system.With  notebooks  growing  faster  than 
desktop  computers  in  market  share,  many  now  include 
Bluetooth  communication  features  that  provide  easy  links 
between  PDAs,  mobile  phones,  converged  devices  and 
other  Bluetooth  equipment. 

Features  that  BlueScanner  exposes  are  very  different 
from  those  of  Wi-Fi,  Ethernet  and  other  IEEE  802.1  IX  stan¬ 
dards,  although  Bluetooth  can  be  used  as  a  transport  for 


TCP/IPThe  scariest  exposed  service  is  the  OBEX  API,  used 
to  expose  and  interchange  data  objects,  such  as  files  and 
folders.  OBEX  lets  users  upload  mobile-phone  camera 
photos  and  communicate  with  contact  files,  among  oth¬ 
ers.  Many  vendors  use  a  default  password  to  permit  easy 
bonding  between  two  Bluetooth  devices  —  0000,  just  like 
Wi-Fi’s  default  name  for  an  access  point.  If  your  users 
haven’t  changed  this  default,  then  cracking  their  Blue¬ 
tooth  devices  is  child’s  play. 

Protecting  and  removing  a  published  service  from  pub¬ 
lic  view  requires  different  actions  for  each  type  of 
Bluetooth  device,  and  Bluetooth  software  versions  fre¬ 
quently  change.  It’s  up  to  users  or  their  support  staff  to 
secure  the  devices  from  probing,  although  personal  fire¬ 
wall  software  such  as  Norton’s  Internet  Security  2005  will 
block  at  least  one  service  (Internet  linking  through  a 
Bluetooth  port)  by  default.  This  also  disables  OBEX  in 
configurations  we’ve  seen. 

Installing  BlueScanner  was  easy  —  but  only  with  the 
right  hardware  and  patched  operating  system  version. 
Only  Windows  XP  with  Service  Pack  2  is  supported,  and 
then  only  with  Microsoft-supplied  drivers.  Many  machines 
that  have  been  upgraded  to  Windows  XP  SP2  have  legacy 
drivers  that  weren’t  upgraded,  and  these  drivers  are  use¬ 
less  to  BlueScanner.  Only  Microsoft’s  will  do.  Software  bun¬ 
dles  that  talked  to  the  old  drivers  might  be  used  with 
Microsoft’s  drivers,  causing  further  compatibility  issues 
with  legacy  software. 

BlueScanner  lists  a  subset  of  PC-based  Bluetooth  inter¬ 
nal  and  dongle  devices  that  will  work  with  it.  Several  we 
tried  didn’t  work,  and  we  finally  obtained  a  supported 
Belkin  Class  1  device  (which  has  the  improved  328-foot 
operational  radius  vs.  the  older  32-foot  Bluetooth  radius) 
to  perform  our  test. 

We  strongly  recommend  a  Class  1  device,  because  of  its 
increased  radial  operational  range. 

The  application  scans  for  Bluetooth  devices,  looks  them 
up  by  brand  or  model,  then  assesses  which  features  are 
turned  on.  It  is  complete  in  its  ability  to  read  the  device- 
advertised  Bluetooth  functionality,  although  it’s  sometimes 


We  used  AirMagnet  Spectrum  Analyzer  on  an 
HP  ZV5000  (AMD64@2.4Ghz,  lG-byte  dynam¬ 
ic  RAM)  and  a  Toshiba  Satellite  M35XS-S111 
(AMD’s  Celeron  i.8GHz  with  256M  bytes)  both  run¬ 
ning  Windows  XP  Professional  SP2, 32-bit  edition. We 
tested  AMSA  with  its  internal  and  external  antennas. 
We  found  the  external  to  be  vastly  preferable,  and 
used  it  exclusively  for  our  device  testing. 

Several  known  noise  sources  were  used  to  test  the 
analyzer’s  ability  to  identify  consumer-electronics 
noise  sources.  Correctly  identified  were  several 
brands  and  models  of  2.4-GHz  phones  and  5.8-GHz 
FM  phones  from  Panasonic  and  Uniden.  We  also 
found  a  noisy  microwave  oven  (GE  2003  model). We 
also  tested  out-of-band  Wi-Fi  network  interface  cards 
(within  the  frequency  spectrum  that’s  tracked)  as 
well  as  Bluetooth  devices  (Belkin  Bluetooth 
adapters,  PCs,  Macs,  and  other  devices  with  integral 
Bluetooth  in  active  discovery  modes  that  produce 
signals),  and  a  broadband  noise  source  (a  leaky  old 
automobile  generator). 

We  tested  BlueScanner  on  the  same  platform  as 
the  AirMagnet  Spectrum  Analyzer,  but  had  to  disable 
the  integral  HP  Bluetooth  adapter,  as  it  was  incom¬ 


patible  with  Microsoft’s  Windows  XP  SP2  driver  set. 
We  principally  used  a  Belkin  Class  1  USB-Bluetooth 
adapter. 

We  tested  detection  in  the  lab  by  using  Sony 
Ericsson  T610s,  several  Nokia  phones,  Plantronics 
and  Scala  Bluetooth  earpieces,  and  two  Apple 
Powerbook  G4s  (one  with  integral  adapter  and  one 
with  an  OEM  Bluetooth  adapter)  to  detect  the 
adapters  and  features  of  each  device.  We  turned  the 
features  on  and  off  (where  possible,  as  different 
adapters  and  drivers  have  combined  service  toggles 
for  each  specific  Bluetooth  device)  and  noted  that 
BlueScanner  sees  the  changes  in  service  advertise¬ 
ments  or  the  results  of  the  queries.  Usually  this  takes 
just  a  few  seconds,  but  we  noted  that  some  drivers 
change  the  feature  set  very  siowly.and  we  used  other 
Bluetooth  device  queries  to  verify  the  slowness  of 
the  feature  changes. 

We  also  tested  BlueScanner  in  a  very  densely  pop¬ 
ulated  area  of  tech-industry  people.  BlueScanner 
identifies  items  quickly,  but  needs  a  while  to  update 
the  features  in  each  Bluetooth  device  it  “hears.”  Logs 
of  sessions  and  locations  can  be  saved  for  future 
audit  and  scrutiny. 
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Pros:  Highly  articulate  Bluetooth  service  finder; 
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Cons:  Finds  ghosts  (see  article);  highly  confined 
base-platform  needs;  not  designed  for 
feature  debugging. 
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slow  in  digesting  and  presenting  the  information  on  its  user 
interface. 

Our  surveys  with  BlueScanner  were  an  eye-opener,  as 
many  devices  we  discovered  were  both  exposed  and  not 
secure.  In  our  labs,  BlueScanner  found  all  of  the  phones 
and  devices  we  regularly  use,  with  the  exception  of  one 
bonded  Bluetooth  earpiece  transceiver  from  Scala.The  sys¬ 
tem  also  discovered  which  facets  of  devices  are  supported 
and  discoverable  by  anyone  passing  by  As  we  turned  on 
and  off  various  Bluetooth  features  (such  as  printing  ser¬ 
vices,  serial  port  services  and  OBEX),  BlueScanner  picked 
up  the  changes  after  a  few  seconds.  The  more  devices  we 
actively  scanned,  the  longer  it  took  for  BlueScanner  to 
detect  the  changes. 

Look  out  for  ghosts 

The  application  also  detected  ghosts.  Devices  present  in 
one  session  but  not  the  next  would  turn  up  as  active.  The 
phantom  device  was  deemed  present  because  the  Blue¬ 
tooth  earpiece  device,  bonded  to  our  phantom  phone, 
was  still  present  even  if  the  phone  was  not.  Network 
Chemistry  has  acknowledged  the  bug  and  is  examining 
the  problem. 

We  then  took  BlueScanner  to  a  500-person  conference 
room  at  a  technology  trade  show,  and  were  completely 
amazed  at  the  number  of  devices,  phones  and  PDAs  we 
could  discover  so  easily. 

Ethically  obliged,  we  didn’t  probe  further  to  see  if  we 
could  crack  the  devices,  but  were  otherwise  amazed  at 
the  detailed  listing  of  their  supported  functionality,  rang¬ 
ing  from  OBEX  to  serial  or  printer-  device  support.  Blue¬ 
Scanner  doesn’t  crack  devices,  it  finds  out  only  what 
ones  are  publicly  broadcasting. 

If  the  hurdle  of  the  extremely  narrow  choice  of  platform 
support  is  overcome,  we  think  BlueScanner  represents  an 
important  tool  for  network,  system  and  security  adminis¬ 
trators,  and  any  organization  that  isn’t  securing  Bluetooth 
on  their  platforms  has  a  problem  equal  in  size  to  unse¬ 
cure  Wi-Fi. 

Henderson  is  principal  researcher  for  ExtremeLabs  in 
Indianapolis.  He  can  be  reached  at  thenderson@extreme 
labs.com 


HP  PROLIANT  BL20p  G3  BLADE  SERVER 


with  ProLiant  Essentials  Management  Software 

•  Up  to  2  Intel®  Xeon™  Processors  (3.80GHz/2MB)' 

•  High  density:  Up  to  48  servers  per  rack 

•  Flexible/Open:  Integrates  with  existing  infrastructure 

■  HP  Systems  Insight  Manager™:  Web-based 
networked  management  through  a  single  console 

■  Rapid  Deployment  Pack:  For  ease  of  deployment 
and  ongoing  provisioning  and  reprovisioning 

•  Integrated  Cisco  or  Nortel  switch  options 


The  HP  ProLiant  BL20p  G3  blade  server,  powered  by  Intel®  Xeon™  Processors,  keeps  you  one  step  ahead 
of  potential  problems.  Our  exclusive  Performance  Management  Pack  (PMP),  an  integrated  component 
of  HP  Systems  Insight  Manager,™  keeps  a  watchful  eye  over  your  servers  and  storage,  alerting  you  when 
if  detects  potential  bottlenecks  in  the  making.  It  also  provides  you  with  a  concise  overview  of  configuration 
anomalies  that  could  impact  performance  and  offers  clear-cut  recommendations  for  solving  them.  Bundle 
the  BL20p  with  the  new  HP  StorageWorks  MSA1500cs  featuring  Advanced  Data  Guarding  (ADG)  that 
replicates  data  for  unsurpassed  fault  tolerance.  You  may  debate  whether  a  problem  that  doesn't  happen 
exists.  But  HP  makes  sure  it's  no  problem  for  you. 


HP  StorageWorks  msai500cs 


Get  2TB  of  storage  free  ($3,032  Value)2 

•  Up  to  24TB  of  capacity  (96  250GB  SATA  drives) 

•  Up  to  16TB  of  capacity  (56  300GB  SCSI  drives) 
■  Ability  to  mix  SCSI  and  Serial  ATA  enclosures 

for  greater  flexibility 


SMART  ADVICE  >  SMART  TECHNOLOGY  >  SMART  SERVICES 


Download  a  free  IDC  white  paper: 

Broadening  the  Blades  System  Portfolio 

Save  $750  on  the  new  HP  Blade 
System  111  power  enclosure  solution? 
See  Web  site  for  details. 


1.  Intel’s  numbering  Is  not  a  measurement  ot  higher  performance.  2.  Receive  up  to  2TB  ot  storage  free  with  purchase  of  HP  StorageWorks  modular  Smart  Array  1500cs  devices.  Offer  valid  through  1/31/06.  3.  Save  $750  instantly  on  the  purchase  of  the  HP  Blade  System  pCIass  111  power  enclosure,  offer  vai.f 
through  1/31/06.  All  offers  available  from  HP  Direct  and  participating  resellers.  Prices  shown  are  HP  Direct  prices,  are  subject  to  change  and  do  not  include  applicable  state  and  local  sales  tax  or  shipping  to  recipient's  destination.  Reseller  prices  may  vary.  See  Web  site  for  full  details.  Photography  may  no'  accuraie'/ 
represent  exact  configurations  priced.  Associated  values  represent  HP  published  list  price.  Intel,  Intel  Inside,  the  Intel  Inside  Logo  and  Intel  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  ©2005  Hewleti-Packarc  Development  vx-if  =•■%  I  ' 


Call  1-866-625-3909 
Click  hp.com/go/bladesmag34 
Visit  your  local  reseller 
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E-MAIL  KWSLETTER  SHOWCASE:  MESSAGING 

What's  in  Exchange  1 2? 


BY  MICHAEL  OSTERMAN 
The  new  version  of  Microsoft  Ex¬ 
change,  Exchange  12,  has  a  num¬ 
ber  of  interesting  and  useful  fea¬ 
tures  planned.  Here  are  a  few  of 


the  highlights  Microsoft  is  plan¬ 
ning  for  the  next  major  release  of 
its  flagship  messaging  system: 

•  Exchange  will  make  extensive 
use  of  server-based  roles,  all  of 


which  can  be  run  from  a  single 
server  for  smaller  organizations  or 
segmented  into  function-specific 
roles  for  larger  organizations. 
These  roles  include  gateway  (Fort 


Test-Um  Inc. 

The  Intelligent  Test  Solutions  Company 


25  management  and  hygiene 
functions);  bridgehead/hub  (for 
policy  management  and  transport 
functions);  unified  messaging  ser¬ 
vices  (PBX  interface,  voice  mail 


We  Make  It 

BEST 


and  fax  management);  mailbox 
services;  and  client  access  ser¬ 
vices.  Voice  mails  can  be  routed 
through  a  bridgehead  server  for 
retention  purposes,  although 
there  will  be  no  text  conversion  of 
voice  mails. 

•  Exchange  12  will  automati¬ 
cally  encrypt  messages  by  de¬ 
fault,  and  communications  be¬ 
tween  Exchange  12  environments 
will  automatically  share  keys. 

•  Microsoft  will  be  focusing 
more  on  compliance  in  Exchange 
12  than  it  has  in  previous  versions. 
The  new  version  will  include 
transport  rules  that  are  modifiable 
via  a  rules  editor  and  will  include 
a  separate  set  of  rules  for  manag¬ 
ing  retention  and  deletion  poli¬ 
cies.  Microsoft  is  not  planning  any 
versions  of  Exchange  12  that  are 
specifically  designed  to  be  com¬ 
pliant  with  the  Sarbanes-Oxley 
Act  or  the  Health  Insurance  Port¬ 
ability  and  Accountability  Act. 

•  There  will  be  a  new  adminis¬ 
trator  user  interface  in  Exchange 
12,  including  a  new  command¬ 
line  feature. 

•  Exchange  12  will  feature  full 
text  indexing  and  searching  capa¬ 
bilities. 

Exchange  12  will  go  into  beta 
during  the  fourth  quarter  of  this 
year  with  about  1,400  customers. 
A  larger  beta  is  planned  for  mid- 
2006,  with  release  planned  for  late 
2006  or  early  2007. 

While  some  of  the  features  and 
capabilities  that  will  be  included 
in  Exchange  12  are  already  avail¬ 
able  in  other  messaging  systems, 
the  new  version  of  Exchange 
promises  to  be  a  major  step  for¬ 
ward  for  current  users  of 
Exchange. 

Osterman  is  the  principal  of 
Osterman  Research,  a  market 
research  firm  that  helps  organiza¬ 
tions  understand  the  markets  for 
messaging ,  directory  and  related 
products  and  services.  He  can  be 
reached  michael@ostermanre 
search.com. 
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How  many  tools  do  you  use  to 
,  Identify,  Configure  &  Document 
your  Ethernet  network? 

(That’s  too  many!) 

Introducing  Validator-NT 

The  All-in-One  Network  Management  Tool 


CERTIFY  individual  Ethernet  cable  runs  up  to 
1  Gigabit  Speed  per  IEEE802.3  specifications. 

Test  for  TIA568  Interconnect  problems.  Determine 
fault  locations,  cable  length  and  delay  or  noise 
conditions.  Produce  and  print  cable  test  schedules 
and  cable  test  results.  Qualify  lines  for  VoIP  usage. 


IDENTIFY  active  components  of  your  network  on 
the  other  end  of  the  cable.  Identify  all  types  of  equipment 
and  port  service  discovery  with  advertised  speed  ratings 
and  DHCP  negotiation.  Access  IP  addresses,  ping  equipment 
and  flash  hubs/switches  for  positive  port  location. 

CONFIGURE  links  between  nodes  at  Gigabit  speed. 

Check  IP  addresses  on  netmask,  Gateway/routers  and  domain 
name  servers.  Confirm  links  between  equipment  for  changes 
or  upgrades. 

DOCUMENT  the  network  with  the  included  powerful 
Plan-Urn™  software.  Create  layouts  of  offices/premises  or  import 
existing  Visio/AutoCAD  drawings.  Show 
cables  and  equipment  they  connect  to  in 
physical  locations.  Print  out  layouts  and 
corresponding  Cable  Test  Schedules.  The  Network 
Tool  section  of  Plan-Urn™  allows  you  to  create  a  complete 
topology  layout  of  the  network  for  on-site  reference,  showing 
connections,  equipment  and  cable  pathways.  You  can  add  notes  to  each 
component  of  the  network  for  future  add,  changes,  and  move  legacy  information. 


4"  color  LCD  screen 

Lithium/ion  battery 
provides  8  continuous 
hours  of  use 

Unlimited  flash 
card  memory 


Powerful  Plan-Um’“ 
software  included 


NT955 
M SR P  only 
$1495.00 


Everything  you  need  to  Test,  Trace  and  Tune  your  Ethernet  Network. 


805-383-1500  •  FAX  805-383-1595  •  www.test-um.com 


Citrix  NetScaler 

makes  any  application 


15  times  faster 

for  anyone,  anywhere. 


CITRIX 


Every  day,  leading  Global  2000  enterprises,  including 
the  five  largest  e-businesses  in  the  world,  rely  on 
Citrix®  NetScaler®  solutions  to  dramatically  accelerate 
application  performance.  All  without  adding  servers, 
bandwidth,  or  consultants.  Perhaps  that’s  why 
Citrix  NetScaler  application  delivery  systems  are 
rated  #1  in  customer  satisfaction  among  Layer 
4-7  networking  vendors.  See  what  Citrix  NetScaler 
can  do  for  you  at  www.citrix.com/netscaler 


CITRIX 


©  2005  Citrix  Systems,  Inc.  All  rights  reserved.  Citrix  and  NetScaler  are  trademarks  of  Citrix  Systems,  Inc.,  and/or  one  or  more  of  its  subsidiaries,  and  may  be  registered  in  the  U.S.  Patent  and  Trademark  Office  and  in  other  countries. 
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E-MAIL  NEWSLETTER  SHOWCASE:  WIRELESS  IN  THE  ENTERPRISE 

Cisco  to  integrate  two-way  radio  networks 


BY  JOANIE  WEXLER 

!  described  one  possibility  for 
merging  islands  of  wireless  com¬ 
munications  into  a  nationwide 
public  safety  network  in  a  previ¬ 


ous  newsletter  about  Pronto  Net¬ 
works’  UniFi  Digital  Communities 
Grid  (see  www.networkworld. 
com,  DocFmder:  9629). That  effort 
ties  together  municipal  networks 


in  several  states  with  common 
billing,  settlement  and  application 
services. 

In  the  wake  of  Hurricane  Wilma, 
we  now  have  another  emerging 


alternative:  the  Cisco  Internet  Pro¬ 
tocol  Interoperability  and  Com¬ 
munications  System  (IPICS), 
which  the  company  publicly 
demonstrated  last  week.  IPICS 


will  IP-enable  two-way  radio 
communications,  then,  via  a  spe¬ 
cial  server,  integrate  it  with  other 
voice  communications  and,  even¬ 
tually  data  and  video  networking. 

In  addition  to  its  potential  for 
creating  a  public  safety  “network 
of  networks,”  the  company  also 
touts  IPICS  for  applications  in  the 
transportation/logistics,  retail  and 
emergency  healthcare  industries 
—  anywhere  where  closed  two- 
way  radio  networks  currently 
exist.  The  idea  is  to  tie  networks 
together  rather  than  having  gov¬ 
ernments  and  enterprises  up¬ 
grade  all  their  radios  and  equip¬ 
ment  to  common  frequencies  so 
they  can  intercommunicate. 

In  the  Cisco  model,  devices  that 
don’t  already  use  IP  plug  into 
Cisco  IP  gateways;  for  example, 
cell  phones  with  or  without  push- 
to-talk  capabilities  ultimately  con¬ 
nect  to  a  Cisco  Public  Switched 
Telephone  Network/VoIP  gateway 
and  two-way  radios  communicate 
to  a  Cisco  LAN  Mobile  Radio 
Gateway  Once  all  communica¬ 
tions  are  IP-enabled,  the  Cisco 
IPICS  Linux-based  LAN  server 
takes  over,  functioning  as  the 
switchboard  that  allows  disparate 
devices  to  communicate  with  one 
another. 

Cisco  has  mentioned  integrating 
global  positioning  systems,  sen¬ 
sors  and  video  surveillance  sys¬ 
tems  into  the  IPICS  platform. 

Eventually,  for  example,  once 
IPICS  evolves,  perhaps  video  cam¬ 
eras  on  a  fire  marshal’s  helmet 
communicating  with  local  surveil¬ 
lance  cameras  in  a  burning  build¬ 
ing  would  allow  him  to  direct 
emergency  personnel  on  the 
scene  as  to  what  is  happening 
inside  and  prevent  disaster. 

At  this  juncture,  no  timeframe 
for  commercial  IPICS  availability 
or  pricing  have  been  announced. 

Wexler  is  an  independent  net¬ 
work  technology  writer/editor  in 
Silicon  Valley.  She  can  be  reached 
at  joanie@jwexler.com. 
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ONLY  DESKTOP  AUTHORITY  7.0  ADDS  UP  TO  A  TOTAL  DESKTOP  MANAGEMENT  SOLUTION. 

Do  the  math  and  you'll  see  the  all-new  Desktop  Authority®  7.0  is  the  solution  that  gives  you  the  comprehensive 
functionality  you  need  network  wide.  Get  all  the  control  and  productivity  you  want  in  a  single,  award-winning  solution! 


THE  ALL  NEW 

DESKTOP  ^0 

/ 


D  Hardware  and  software  inventory 

■ - I - _  _.w  ■  Import  and  deploy  group  policy  settings 

MU nimlTY  Jf  Hi  Patch  deployment  for  desktops 

91  Detect  and  remove  spyware 


Si  Role-based  administration 
f£  Desktop  configuration  without  scripts 
E3  Power  management 


AVAILABLE  NOVEMBER  1 


■ 

w'uWl 

# 
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CONGRATULATIONS,  YOUR 

HIG  -PR'  FILE  SECURITY  PROJECT 

IS  FINALLY  READY  FOR  DEPLOYMENT. 


IT  security  is  more  vital  than  ever,  and  testing  is  the  only  way 
to  ensure  its  success*  With  Spirent  testing  solutions,  you  can  prevent 
security  breaches  and  protect  your  company’s  assets  by  testing  security 
infrastructure  before  you  deploy  it.  Testing  early,  and  under  real-world  conditions, 
allows  you  to  properly  evaluate  IT  vendor  claims  and  determine  if  the  various 
systems  and  devices  are  a  good  fit  for  your  enterprise  network.  In  the  end, 
testing  will  significantly  reduce  security  risks  white  saving  you  money.  To  read 
our  white  paper  Putting  Security  to  the  Test,  call  1-800-927-2660  or  download 
it  at  www.spirentcom.com/go/securitytest. 
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Dominion  KX 

incorporates  128-bit  SSL  encryption, 
fending  off  hackers,  even  from  your 
video  stream. 


An  elegant  design. 


providing  remote,  BIOS-level 


1 


access  and  control  of  Wintel  and 


Linux  servers  that  works  with  the 
industry's  widest  range  of 


browsers  and  operating  systems. 


A  remote  user  experience 
just  like  you're  standing 
at  the  rack, 

with  a  GUI  as  comfortable 
as  fine  Italian  shoes. 


.com 


WWW 


Introducing  the  newest  version  of  Dominion®  KX.  A  perfect  combination  of  features. 


Attention  Linux®  admins  ...  Our  newest  KVM  (Keyboard,  Video,  Mouse)  switch  gives  you  a  combination  of 


features  you  might  have  thought  impossible.  The  new  Dominion  KX  gives  you  secure  anytime,  anywhere 
access  and  control  from  almost  any  combination  of  browser  and  OS  y< 
remote  user  experience  that's  virtually  indistinguishable  from  an  at-th 
See  just  how  perfect  your  IT  infrastructure  management  could  be. 


©  200S  Raritan  Computer.  Inc.  Raritan  and  Dominion  are  registered  trademarks  of  Raritan  Computer,  Inc. 
Linux  is  a  registered  trademark  of  Linus  Torvalds 
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MANAGEMENT  STRATEGIES 

Vendors  target  vertical  markets 

Firms  cater  to  customers  through  wares  tailored  for  specific  markets. 


BY  PHIL  HOCHMUTH 

bile  most  IT  vendors  do  not 
tailor-make  servers,  switches, 
security  and  storage  gear  for 
specific  businesses,  some  purveyors 
of  high-tech  wares  are  starting  to 
focus  more  closely  on  specific  verti¬ 
cal  customer  segments. 

For  years,  businesses  in  the  manufacturing,  healthcare, 
retail  and  financial  markets  have  worked  with  vendors  to 
mold  products  for  wide,  horizontally  focused  markets  and 
customize  them  for  tasks  unique  to  specific  industries.  In 
response  to  this,  large  vendors  such  as  IBM  and  Cisco  have 
created  vertical-focused  marketing,  support  and  services 
groups  to  act  as  liaisons  among  users  with  specialized  re¬ 
quirements  and  the  engineers  and  product  managers 
designing  the  gear. 

One  example  of  this  is  IBM’s  recent  revamping  of  how  it 
offers  Linux-based  products  and  services  to  its  customers. 
Instead  of  just  selling  to  all  comers  Linux  distributions, such 
as  Red  Hat  and  Novell’s  SuSE,  on  top  of  its  iSeries,  xSeries, 
pSeries  and  zSeries  hardware,  IBM  created  separate  verti¬ 
cal-focused  offerings  for  such  industries  as  automotive,  re¬ 
tail,  banking  and  supply-chain  management,  which  can  be 
applied  to  multiple  verticals. 

The  four  vertical-focused  Linux  areas  are  called  Infra¬ 
structure  for  Automotive  Common  Environment, Total  Store 
Solutions,  Production  and  Supply  Chain  Transformation, 
and  Front  Office  Optimization  for  Banking. 

Through  these  programs,  iT  executives  in  each  vertical 
can  purchase  Linux-based  servers,  applications  and  spe¬ 
cialized  front-end  desktop  products,  such  as  point-of- 
sale  terminals  for  retail,  advanced  CAD  workstations  for 
automotive  design  or  customized  bank  teller  applica¬ 
tions,  says  Scott  Handy,  vice  president  of  worldwide 
Linux.“So!utions  are  being  defined  by  the  customer,  not 
by  the  vendor^  he  says. 

Most  of  the  IBM  solutions  involve  standard  Linux  builds 
and  servers,  with  customized  applications  and  other 
tweaks  aimed  at  the  specific  vertical.  Other  vendors,  such 
as  Cisco,  have  taken  the  vertical  focus  to  the  next  step,  by 
making  hardware  products  aimed  at  certain  niche  markets. 

Cisco’s  vertical  efforts  led  to  the  development  of  a  spe¬ 
cialized  product  for  manufacturing  environments:  the 
Catalyst  2955,  a  LAN  switch  modified  to  operate  on  the  fac¬ 
tory  floor.  Unlike  most  Cisco  switches,  the  Catalyst  2955  in¬ 
cludes  heat  sinks  instead  of  fans,  so  dust  and  debris  are  not 


sucked  into  the  device.  The  box  also  is  engineered  to  run 
under  higher  temperatures  than  regular  switches. 

More  recently  the  vendor  launched  its  Medical  Grade 
Network  effort,  which  involves  partnerships  with  vendors 
who  make  healthcare-specific  IT  products  that  allows 
applications  and  devices  to  operate  more  smoothly  over  a 
Cisco-based  LAN  or  WAN. 

One  offering  is  nurse  call  integration  via  Cisco  IP  phones 
using  software  such  as  Rauland-Borg  and  middleware  from 
Emergin  Technologies.  This  product  package  allows  Cisco 
IP  phones  and  wireless  LAN  (WLAN)  IP  phones  to  act  as 
nurse  paging  and  contacting  systems,  which  can  deliver 
text  data  and  voice  to  the  nurse  being  paged. Another  offer¬ 
ing  in  this  area  is  Location-Based  Services,  which  allows  a 
hospital  to  track  the  physical  location  of  key  doctors  or 
important  pieces  of  equipment  through  a  Cisco  WLAN  in¬ 
frastructure  and  third-party  RFID  equipment  from  PanGo. 

Boston  Medical  Center  is  piloting  some  of  the  IP  com¬ 
munication  technologies  Cisco  offers  for  healthcare  cus- 
tomers.“We  were  in  search  of  a  killer  app  or  a  function  for 
VoIP  other  than  the  cool  factor  that  would  speak  to  a  busi¬ 
ness  need  or  problem,” says  Darren  Dwarkin.CTO  at  Boston 
Medical  Center. 

The  healthcare  facility  uses  Cisco’s  Clinical  Connection 
Suite,  which  includes  7920  IP  phones  that  support  XML  text 
messaging  and  APIs  for  writing  code  that  can  interface  with 
other  systems,  such  as  network-enabled  medical  devices. 

“Now,  on  the  hips  of  nurses,  there  is  an  integrated  voice 
path. And  were  beginning  to  build  automated  messaging 
directly  to  phones,”  Dwarkin  says.  The  capability  would 
allow  clinical  devices  such  as  ventilators  and  pumps  to 
send  text  alerts  to  nurses. 

Such  product  designs  and  integration  projects  come 
directly  from  Cisco  customers,  says  Rod  Scott,  director  of 
solutions  marketing  for  Cisco. 

“We  run  a  technical  advisory  board  which  includes  the 
top  network  engineers  from  our  top  40  accounts,”  he 
$ays.“They  tell  us  what  they’d  like  to  see  from  us.  During  the 
meetings,  the  members  break  themselves  up  into  vertical 
groups,  to  discuss  the  things  they  care  about  with  Cisco 
engineers.” 

This  type  of  Cisco  engineer/customer  interaction  spurred 
creation  of  the  industrial-strength  Ethernet  switch  and 
Cisco’s  medical-focused  efforts. 

“When  we  build  products  or  add  new  features,  we  often 
have  a  vertical  application  in  mind,  because  the  ideas 
come  from  customers,”  Scott  says.“In  the  end,  the  ideas  are 
applied  horizontally  and  changed  into  something  all  cus¬ 
tomers  can  use.” 

Another  example  of  this  is  Cisco’s  recently  announced 
modules  for  its  WAN  routers  that  integrate  XML-based 
Application  Oriented  Networking  technology  with  third- 
party  RIFD  infrastructure  products  from  partners  Connec- 
Terra,  Intermec  Technologies,  PanGo  Networks  and  Thing- 
Magic.The  result  is  a  box  that  can  identify  RFID  packets 


sent  from  reading  devices  to  the  network,  then  accelerate, 
encrypt  and  filter  the  traffic  to  deliver  it  more  smoothly  to 
retailer’s  back-end  database  systems. 

While  IBM’s  vertical  Linux  push  and  Cisco’s  market- 
focused  efforts  may  appeal  to  IT  professionals  in  specific 
sectors,  other  users  say  there  always  will  be  room  for  niche 
technology  products  as  long  as  there  are  specialized  re¬ 
quirements  unique  to  a  certain  industry 

One  example  is  in  the  area  of  Material  Safety  Data  Sheet 
(MSDS)  information  management.The  Environmental  Pro¬ 
tection  Agency  requires  all  chemical  manufacturers  to 
make  MSDS  information  available  to  partners  and  cus¬ 
tomers.  Customers  who  make  products  based  on  chemi¬ 
cals  also  must  track  what  they  put  into  their  products 

Getting  vertical 

While  IT  and  networking  companies  try  to  reach 
as  broad  an  audience  as  possible  for  selling 
products,  vendors  also  approach  specific  vertical 
segments  with  trageted  offerings. 

IBM:  Vertical  market  product  packages  based  on  Linux, 
with  a  focus  on: _ _ 

•  infrastructure  for  Automotive  Common  Environment. _ 

•  Total  Store  Solutions. _ 

•  Production  and  Supply  Chain  Transformation. _ 

•  Front  Office  Optimization  for  Banking. _ 

Cisco:  Development  of  products  targeted  for  specific 
industries  such  as:  _ 

•  Hardened  Ethernet  switches  for  factory  environments,  such  as 

the  Catalyst  2955. _ 

•  Cisco  Medical  Grade  Network. _ 

•  Cisco  IP  Interoperability  and  Collaboration  System  (IPICS,  a  server 
that  integrates  wireless  two-way  radio  and  cellular  push-to-talk 
for  first  responders  and  public  safety  organizations). 

through  MSDS. 

Easton  Sports,  a  maker  of  sporting  gear,  must  track  hun¬ 
dreds  of  thousands  of  MSDS  listings  for  all  the  chemicals 
and  other  materials  used  to  manufacture  its  gear.  The  firm 
uses  a  software  tool  from  a  small  application  vendor  called 
Actio,  which  makes  MSDS  Vault,  a  software  tool  that  Web- 
enables  access  and  storage  of  MSDS  data  for  manufactur¬ 
ing  customers. 

While  Easton  uses  products  from  Cisco  and  IBM, its  niche 
products,  such  as  Actio’s  software,  are  often  key  compo¬ 
nents  in  a  vertical  businesses  IT  infrastructure, says  Michael 
Mendoza,  environmental  health  and  safety  coordinator  at 
Easton  Sports. 

Mendoza  says  this  type  of  application  is  too  specialized 
for  big  software  vendors  with  a  broader  focus.  H 
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Server  Technology 

Solutions  for  the  Data  Center  Equipment  Cabin*  t 

The  Sentry  CPU  distributes  power  for  Blade 
servers  or  up  to  42  dual-power  1U  servers 
in  one  enclosure.  Single  or  3-phase  input 
with  110  VAC,  208 VAC  or  mixed  110/208VAC 
single-phase  outlet  receptacles. 

Metered  CDU 

>  Local  input  Current  Monitoring 
Smart  CDU 

>  Local  Input  Current  Monitoring 

>  Supports  External  Temperature  and 
Humidity  Prc  s 

>  IP  Monitoring  of  Power  Temperatures 
and  Humidity 

Switched  CDU 

>  Local  input  current  Monitoring 

>  Supports  External  Temperature  and 
Humidity  Probes 

>  IP  Monitoring  of  Power,  Temperatures 
and  Humidity 

>  Remote  Power  Control  of  Each  Outlet 
—  On/Off/Rebc  t 

Server  Technology,  Inc.  toll  free  +1.800.835.1515 
1040  Sandhill  Drive  tel  +1.775.284.2000 

Reno,  NV  89521  fax  +1.775.284.2065 

www.servertech.cam 

sales@servertech.com 


SERVERS  WITHIN  YOUR  REACH 
FROM  ANYWHERE 


LOCAL  OR  REMOTE  SERVER  MANAGEMENT  SOLUTIONS 


UltraMatrix™ 

Remote 


KVM  OVER  IP 


MATRIX  KVM  SWITCH  WITH 
INTEGRATED  REMOTE  ACCESS  OVER  IP 


System-wide  connectivity  over  IP  worldwide  and  locally 
Connects  1,000  computers  to  up  to  256  user  stations 
Supports  PC,  Sun,  Apple,  USB,  UNIX,  serial  devices 
High  quality  video  up  to  1280  x  1024 
Secure  encrypted  operation 

View  real-time  video  from  4  computer  connections  with 
quad-screen  mode 


UltraMatrix™ 

E-series 

KVM  SWITCH 


PROFESSIONAL  MULTI-USER  KVM  SWITCH 
2  -  4  KVM  STATIONS  TO  1,000s  OF  COMPUTERS 


PC  or  multi-platform  (  PC/Unix,  Sun,  Apple,  others) 

On-screen  menu  informs  you  of  connection  status  between  units 

in  an  expanded  system 

Powerful,  expandable,  low  cost 

No  need  to  power  down  most  servers  to  install 

Security  features  prevent  unauthorized  access 

Free  lifetime  upgrade  of  firmware 

Video  resolution  up  to  1600  x  1280 

Available  in  several  models 

Easy  to  expand 


The  UltraMatrix  Remote  represents  the  next  generation  in  KVM  switches  with  IP  access.  It 
provides  a  comprehensive  solution  for  remote  server  access  over  IP  and  local  as  well. 


■  KVM  RACK  DRAWERS  WITH  KVM  SWITCH  OPTION 

B',.  RackViews  offer  the  latest,  most  efficient  way  to  organize  and  streamline  your 
server  ropms  and  multiple  computers. 

ATfie  RackView  is  a  rack  mountable  KVM  console  neatly  fitted  in  a  compact  pull-out 
This  easy-glide  KVM  drawer  contains  a  high-resolution  TFT/LCD  monitor,  a 
keyboard,  and  a  high-resolution  touchpad  or  optical  mouse. 


The  UltraMatrix  E-Series  represents  the  latest  in  KVM  matrix  switch  technology,  at  an 
affordable  price.  The  E-Series  allows  you  to  connect  up  to  256  user  stations  to  as  many  as 
1,000  computers.  The  UltraMatrix  E-Series  is  available  In  several  sizes:  2x4,  2x8,  2x16, 
4x4,  4x8,  4x16,  1x8,  and  1x16  in  either  PC  or  multi-  platform. 


fyfeja*  , 


ROSE  US 
ROSE  EUROPE 
ROSE  ASIA 
ROSE  AUSTRALIA 


XtendVue  RackView 

Vertical  Rack  mountable  LCD  Fold-Forward 

With  Built-in  KVM  Extender 


RackView 

Fold-Back 


RackView 
LCD  Monitor 


RackView 

Keyboard 


281  933  7673 
+  44(0)  1264  850574 
+65  6324  2322 
+617  3388  1540 


800-333-9343 

WWW.ROSE.COM 


Problems  overwhelming  your  current  sniffer? 


Advance  to  the  next  level  with  Observer  1 1 .  Now  with  enterprise  strength  VoIP  analysis.  New  features  include  an  enhanced 
VoIP  Expert,  Quality  Scoring,  Call  Detail  Records,  MultiHop  Analysis,  and  64-bit  Windows  support.  It's  time  to  reset  your  analyzer. 


Wired  to  wireless.  LAN  to  WAN.  One  network  -  complete  control. 


US  &  Canada  UK  &  Europe 

toil  free  800.526.5958  +44  (0)  1 959  569880 

www.networkinstruments.com/analyze 


enhanced  VoIP  support 


Need  Secure  Console  Management? 


SSH  or  Out-of-Band  Access  to  Consoles  at  Remote  Locations 


Secure  Shell  (SSHv2)  Encryption 
Simultaneous  SSH  or  Telnet 
TAGACS  &  RADIUS  Authentication 
Dial-Back  Security  on  Modem  Port 
Command  Logging  with  Audit  Trail 
SYSLOG  Reporting 
NTP  Server  Ready 
Any-to-Any  Port  Switching 
Non-Connect  Port  Buffering 
Port-Specific  Password  Protection 
Data  Rate  Conversion 
Rack  Mountable  -  Requires  1  Rack  Unit 
115/230  VAC  or  -48  VDC  Models 


Web  Browser  Interface 


W ( I  -  t,un vole  I'vil  Management  SfAtchei.  Mtciusoll  - 


{  Ek  £<&  View  Ffivoirtw  loot*  y«te 


SECURE  CONSOLE  MANAGER 


Network  Parameters 


{  (65  106.93  tU 

isk.  1255  2*5  265.0 

Address  |85l(».93  97 


mge  Network  Parameter 


The  SCM-16  Secure  Console  Management  Switch  provides  in-band  and 
out-of-band  access  to  RS232  console  ports  on  UNIX  servers,  routers  and  any  other 
network  elements  which  have  a  serial  console  or  craft  port.  System  administrators 
can  access  serial  maintenance  ports  over  the  network  via  SSH  connections  and  simple, 
menu-driven  commands  or  through  a  discrete  TCP  port  connection,  mapped  directly  to 
one  of  the  SCM-16  serial  outputs. 

-i  Visit  Website  for  Complete  NetReach  ™  Product  Line 

1  fl  r  Z]  □  (800)  854-7226  •  www.wti.com 

I  I  I  I  I  FI  5  Sterling  •  Irvine  •  California  92618-2517 

U  (949)586-9950  •  Fax:(949)563-9514 


Tele*nabc  Inc  .  5  Sterling.  Irvine.  C a  92618  --  bttfA’y.w.y  wa  om 


Yes,  We  are  Customer  Friendly! 

✓  Two  Year  Warranty 

✓  We  Stock  for  Same  Day  Shipment 

✓  30  Day  Return  Policy 

✓  Call  or  Email  for  an  Online  Dem 


western  telematic  incorporated 
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Increase  your  data  center  availability 


...with  APC  Rack  Power  Distribution 


Avoid  overloading  circuits 

Monitor  the  current  draw  as  you  install  equipment 


Protect  circuit  from  unauthorized  use 

Turn  outlets  off  when  not  in  use 


APC's  advanced  power  distribution  units 
distribute,  monitor  and  remotely  control 
power  in  rack  enclosures. 


Avoid  in-rush  current  overload 

Outlets  are  turned  on  sequentially 

Manage  power  via  Network  Interfaces 

Built-in  Web,  SNMP,  Telnet  support 


Now  you  can  remotely  control  power  to 
individual  outlets  and  monitor  aggregate 
power  consumption  via  local  and  remote 
displays.  Access,  configure  and  control  the 
APC  Switched  Rack  PDU  through  Web, 
SNMP  or  Telnet  interfaces. 


Power  Distribution  Units 

•  Basic:  Vertically  and  horizontally  mounting  with  a 
range  of  amps  and  voltages 


Metered:  Ability  to  monitor  the  current  draw  and 
set  alarm  thresholds  that  when  exceeded,  provide 
both  visual  and  audible  alarms 


From  basic  power  distribution  to  controllable 
outlets,  APC  has  solutions  up  to  14.4  kW  to 
fit  your  IT  environment  needs.  See  our  entire 
line  of  rack  PDUs  online  at  www.apc.com. 


Every  product  carrying  this  mark  has  been 

TM 

tested  and  certified  for  use  with  InfraStruXure 


Switched:  Advanced,  remote  power  distribution 
and  control.  User  configurable.  Users  can  configure 
the  sequence  in  which  power  is  provided  to 
individual  receptacles  upon  start  up. 


architecture.  Before  you  buy,  check  for  the  X  to 
guarantee  product  compatibility. 


Enter  to  WIN  a  FREE  APC  Rack  PDU  today. 

Visit  http://promo.apc.com  Key  Code  f895x  •  Call  888-289-APCC  xB791  •  Fax  401-788-2797 


With  over  15  million 
satisfied  customers, 
APC's  Legendary  Reliability™ 
guarantees  peace  of  mind. 


Legendary  Reliability® 


©2005  American  Power  Conversion  Corporation.  All  Trademarks  are  the  property  of  their  owners.  E-mail:  esupport@apcc.com  •  132  Fairgrounds  Road,  West  Kingston,  Rl  02892  USA 
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dtSearch 
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Instantly  Search 
Terabytes  ofjjew 


.  L ... 


The  Smart  Choice  for  Text  Retrieval®  since  1991 


♦  over  two  dozen  indexed,  unindexed,  fielded  &  full-text  search  options 

♦  highlights  hits  in  HTML,  XML  and  PDF  while  displaying  embedded 
links,  formatting  andlTiTM>'[4>1 

♦  converts  other  file  types  (word  processor,  database,  spreadsheet, 
email,  ZIP,  Unicode,  etc.)  to  HTML  for  display  with  highlighted  hits 


Desktop  with  Spi 

Network  with  Spider 

Web  with  Spider  <-•* 

_  -iTiZZi  tint  CD/DVDs  <"001  sz’501" 


W.;- ■ 


Reviews  of  dtSearch 

♦“The  most  powerful  document  search  tool  on  the  market”  —  Wired  Magazine 
♦“dtSearch ...  leads  the  market”  —  Network  Computing 
♦“Blindingly  fast”  —  Computer  Forensics:  incident  Response  Essentials 
♦“A  powerful  arsenal  of  search  tools”  —  The  New  York  Times 
♦“Super  fast,  super-reliable”  —  The  Wall  Street  Journal 
♦“Covers  all  data  sources ...  powerful  Web-based  engines”  —  eWEEK 
♦“Searches  at  blazing  speeds”  —  Computer  Reseller  News  Test  Center 
See  www.dtsearch.com  for  hundreds  more  reviews  &  case  studies 


IT-FINDS  •  www.dtsearch.com 
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What's  on  your 

Network? 

Find  out  with  NetSupport... 
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Centrally  Discover,  Support  and 
Manage  your  Systems.  Anywhere. 


Do  you  know  where  your  oldest  computer  is?  Need  to  locate  and  upgrade  your 
Windows  98  systems?  Are  you  overpaying  on  unused  software  licenses?  Which 
employees  are  spending  the  most  time  surfing  the  web?  Find  out  fast  with 
NetSupport  DNA. 


Managing  your  company's  IT  assets  means  more  than  just  selection  and 
maintenance.  Reporting,  inventory,  deployment  and  forecasting  are  also  part  of  the 
job.  NetSupport  DNA  is  an  easy  to  use  IT  asset  management  solution  that  provides 
you  with  the  tools  you  need  to  get  to  know  your  network. 


Unlike  other  solutions,  NetSupport  DNA  does  not  require  certified  training  or  have  a 
complex  implementation  path.  It  offers  all  of  the  functionality  you'd  expect  from  an 
award  winning  asset  management  suite,  but  with  only  a  30  minute  implementation 
path. 


NetSupport  DNA  combines  powerful  hardware  and  software  inventory  with  software 
distribution,  application  and  internet  metering,  pc  remote  control,  enterprise 
reporting  and  a  web-based  help  desk  solution. 


NETSUPPORT 

DNAvd 

Ne^l-Supp^rf 


Visit  www. netsupport-inc.com  and  download  a  full  trial  license  today. 


Sales:  1-888-665-0808 


And  in  30  minutes  start  viewing  your  vital  Asset  Information. 


www.netsupport-inc.com 
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GDI  offers: 

p-«  Hardware  encryption  over  dial-up  Full  NIST,  FIPS  1 40-2  certifications  •-n 

and  network  connections 

RSA  certified  SecurlD  authentication  Remote  Power  control  *-ri 

without  a  network. 

Patented  central  management  of  ali  Homologous  world-wide  approved  *-r 

remote  devices  internal  modems 

CDI  has  been  building  encryption  equipment  for  over  fifteen  years.  Our  customers  and  partners  include 
major  financial  institutions,  government  agencies,  major  telcos,  utilities,  and  the  United  States  military 

Communication  Devices  Inc. 
www.outofbandmanagement.com 


A  true  Secure  Out  of  Band  Management 
solution  should  provide  strong  security  without 
reliance  upon  network-based  protocols. 
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TAP  into  Performance 

Monitor  mission-critical  links  with  the 
latest  technology  through  new  wTAPs 


Stop  jeopardizing  network  performance  and  risking  costly  downtime.  Be  confident  you 
have  maximum  visibility  into  your  full-duplex  links  by  configuring  an  nTAP  solution  that 
fits  your  network  and  budget.  Visit  www.networkTAPs.com/visibility  today. 
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Ethernet  Copper  frTAP 

For  copper-to- copper  connections  - 
Choose  your  speed: 

10/100 . .  $395 

10/100/1000 . . ....$995 


10/100/1000  Conversion  /iTAP 

Copper  input  with  copper  or 
fiber  output  options 
Choose  your  analysis  output: 

SX . .....$1,495 

LX . . . . . $1,495 


Optical  Fiber  nTAP 

• 

Multiple  split  ratios 

Choose  your  port  density: 

Single  channel . 

$395 

Four  channel . 

$1,795 

Six  channel . 

$2,395  :. 

. .  -ia 

To  learn  more  about  how  nTAPs  can  boost  your  network  visibility  and  which  configuration  option 
is  best  for  you,  go  to  www.networkTAPs.com/visibility  or  call  866-GET-/1TAP  today. 

Free  overnight  delivery* 


F<£  cc 


•Free  overnight  delivery  on  all  U.S.  orders  over  $300.00  confirmed  before  12  pm  C5T. 

/iTAP  and  the  rtTAP  logo  are  trademarks  or  registered  trademarks  of  Network  Instmments,  IIC 
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ENVIROMUX-MINI 


MONITOR  SERVER  ROOM 

THREATS! 


•  Monitor  threats  such  as  temperature,  humidity 
and  water  leaks 

•  Be  notified  via  email,  SNMP  traps,  web-page 
alerts  and  a  visual  indicator 

•  Low  cost  and  compact  size  system 

Receive  a  FREE  10  ft.  Temperature  Sensor  when 
you  purchase  an  ENVIROMUX-MINI  by  12/31/05. 

Call  800-742-8324  and  mention  reference  code  ENV-NW. 

■rWRfr®  NETWORK  Visit:  www.nti1.com/nw.html 

S  j  TECHNOLOGIES  Email:  sales@ntigo.com 

f  ^  S  S  INCORPORATED  Call:  800-742-8324 


Climate  Monitor 

$399 


Heat 

Humidity 

Air  Flov/ 

Sound 

Doors 

Power 

Camera 


(512)257-1462  ITWatdidogs 


Looking  ahead  to  your  next 
network  project? 

Need  information  now? 

Check  out  VENDOR  SOLUTIONS  for  the  most 
comprehensive  information  on  network  IT  products 
and  solutions  for  your  business  including: 

►White  Papers 
►Special  Reports 
►Partner  Sites 
►Webcasts 

►Marketplace  Product  Finder 
Visit  www.networkworld.com/vendorsolutions  today. 
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Berkeley  Varitronics  Systems  m™,mjo8840 
(732)  548-3737  www.bvsystems.com 


2.4  GHz  SPECTRUM  ANALYZER 
802.11b  &  g  demodulators 
Direction  Finding  of  Rogue  AP’s 


•  Installers  •WISPs  •Hotspots 


VellQUjJocket™ 
Hive  Software 

Site  Initiator/Supervisor/ 
Investigator  indoor/outdoor 
mapping  W-LAN  coverage 
solution. 


302.11  bg  W-LAN  ANALYZER 


WRCA  NET 


800.699.WRCA 


Worldwide  Provider  of  Network 
Hardware  Sine  e  1981 


3COM 

ADC/Kentrox 

Adtran 

BAT  Electronics 
Bay  Networks 
Cabletron 
Cisco 

Commworfcs/US  Robotics 
Digital  Link 
General  DataComm 
Hull  Speed 
IBM 

Larscom 

...and  mom! 


Call  us  today  for  YOUR  solutions 


Selection 


Micom 

Mot  orola/UD  S/Codex 

Multitech  .  „ 

NBase  Xyplex  S&tS  US  3f}3Tt. 
Nortel  Networks 

p  w  t  WR  Consultant  Associates,  tnc. 

racneieer  jS  committed  to  provide  ALL  your 

Paradyne  network  hardware  needs.  Rely  on  our  expertise 

Patton  10  Pro^kle  End -to- End  WAN  Sotutions 

Racal 
RAD 

SynOptics 
Tylink 
Verilink 


Visit  us  online 
for  weekly 
specials / 


www.wrca.net  , 
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Conduits  to  porn 


Large  companies  say  the  Internet  and  e-mail  pose  the 
greatest  risk  in  terms  of  letting  users  access  harmful  images 
from  company  computers,  according  to  a  survey  by  Delta 
Consulting. 

93%  93% 


Hi  Internet  Hi  Encrypted  files 

■i  E-mail  messages  and  attachments  Hi  Memory  sticks 

Hi  Embedded  files  H  CDs 

Hi  Zipped  files  Hi  DVDs 

HI  Wi-Fi  networks  Hi  Digital  cameras 

■1  Cell  phone  cameras  HI  Scanners 

Non-enterprise  controlled  networks 
Based  on  a  survey  of  50  Fortune  500  organizations. 

Multiple  responses  were  allowed. 


Spyware 

continued  from  page  1 

makers. Whal  those  spyware¬ 
dumping  sites  often  have  in 
common  is  pornographic  con¬ 
tent. 

“We’ve  gotten  to  a  point  where, 
statistically  virtually  all  of  the 
spyware  that  you  get  is  being 
planted  onto  a  system  by  brows¬ 
ing  the  Web,”  says  David  Perry, 
global  education  director  for 
security  vendor  Trend  Micro.“The 
most  available  Web  sites  to 
undertake  this  kind  of  thing  are 


those  Web  sites  that  are  willing  to 
do  anything  to  make  a  buck  off 
of  you.  And  those  have  a  tenden¬ 
cy  to  be  pornography  and  gam¬ 
bling  sites.” 

When  users  browse  such  sites, 
they  wind  up  silently  installing 
adware,  keystroke  loggers, Trojans 
and  other  nefarious  programs.  A 
person  browsing  pornographic 
Web  sites  from  an  unprotected 
machine  could  pick  up  50  or  60 
pieces  of  spyware  in  just  30  min¬ 
utes,  Perry  says. 

Habitual  porn  surfers  can  find 
their  PCs  quickly  disabled  from 
all  the  programs  running  in  the 
background.The  problem  is  so 
widespread  among  consumers 
that  one  computer  repair  consul¬ 
tant  says  the  first  thing  he  looks 
for  when  a  customer  complains 
of  poor  PC  performance  is 
pornography 

‘Almost  universally  it’s  what  the 
problem  is,”  says  the  consultant, 
who  asked  not  to  be  identified.“A 
computer  I  just  did  had  36 
instances  of  viruses  and  700 
pieces  of  malware  installed.  And 
gee,  they  wondered  why  their 
computer  wouldn’t  work. 
Absolutely  it’s  porn-related.” 

It’s  a  problem  that’s  not  limited 
to  private  PCs.  In  corporate  set¬ 
tings,  a  growing  percentage  of 
help  desk  calls  are  associated 
with  spyware,  says  Richard 
Stiennon.vice  president  of  threat 
research  for  anti-spyware  vendor 
Webroot  Software  and  a  former 
Gartner  analyst. 

When  Webroot  uses  its  auditing 
tools  to  discover  a  corporation’s 


threat  exposure, “we’ll  find  55%  of 
machines  have  adware  or  spy- 
ware,  about  4%  will  have  key¬ 
stroke  loggers,  and  7%  to  12%  will 
have  Trojans  on  them,”Stiennon 
says.These  are  companies  that 
have  anti-virus  at  the  gateway  on 
the  desktop  and  at  the  mail  serv¬ 
er,  and  they  still  get  infected.” 

One  reason  companies  are 
behind  in  the  battle  against  spy- 
ware  is  that  they  failed  to  recog¬ 
nize  it  was  a  problem  until  about 
12  months  ago  and  now  they’re 
playing  catch-up,  Stiennon  says. 
There’s  a  lot  to  keep  up  with: 


Webroot  discovers  and  writes  sig¬ 
natures  for  300  new  spyware  vari¬ 
ations  every  week,  he  says. 

Meanwhile,  corporate  users 
continue  to  invite  spyware  and 
other  threats  by  surfing  inappro¬ 
priate  sites.  Reconnex,  a  start-up 
that  offers  corporations  risk-man¬ 
agement  software  and  services, 
reports  in  its  latest  threat  index 
that  89%  of  companies  that  took 
Reconnex’s  48-hour  risk  assess¬ 
ment  found  inappropriate  con¬ 
tent  on  user  PCs. 

Delta  Consulting  this  spring  sur¬ 
veyed  50  of  the  500  largest  US. 
firms  and  found  half  formally 
dealt  with  the  discovery  of  illicit 
images  in  the  workplace  during 
the  past  12  months.  Of  those 
firms  that  pursued  an  investiga¬ 
tion,  44%  removed  an  employee 
from  the  company  and  41%  took 
other  disciplinary  action. 

Illicit  intentions 

URL  filtering  is  one  way  to 
reduce  corporate  exposure  to 
pornography-related  spyware  — 
plus  it  can  help  reduce  unpro¬ 
ductive  Web  browsing  by 
employees. 

By  blocking  gambling,  pornog¬ 
raphy  and  “other  sites  that  have 
no  business  in  a  business,”  com¬ 
panies  can  reduce  the  quantity 
of  spyware  attempting  to  enter 
their  environments  by  about  half, 
says  Bob  Hansmann,  senior  prod¬ 
uct  marketing  manager  at  Trend 
Micro. 

But  URL  filtering  alone  isn’t 
enough.  For  one,  the  number  of 
undesirable  sites  keeps  skyrocket¬ 


ing.  Thousands  of  pornographic 
sites  are  created  every  week,  ana¬ 
lysts  say 

In  addition,  while  the  Internet  is 
the  most  likely  way  users  will 
access  pornographic  images,  it’s 
by  no  means  the  only  avenue. 
Illicit  material  can  make  its  way 
to  desktops  and  notebooks  via 
CDs,  memory  sticks,  mobile 
phones,  digital  cameras  and  MP3 
players,  says  Andy  Churly  vice 
president  of  marketing  at 
PixAlert. 

PixAlert’s  technology  monitors 
image  files  that  reside  on  a  com¬ 
pany’s  network  and  scans  users’ 
desktop  screens  to  see  if  what’s 
being  viewed  is  of  an  illicit 
nature. The  software  analyzes  skin 
tone,  curvature  and  background 
settings,  for  example,  and  it  can 
block  or  blur  suspicious  images 
before  users  see  them. 

PixAlert  has  found  users  will  go 
to  great  lengths  to  circumvent 
corporate  policies; that  prohibit 
viewing  and  distributing  inappro¬ 
priate  content.  One  familiar  tactic 
is  to  embed  pornographic 
images  inside  innocuous-looking 
documents.“We  regularly  come 
across  images  that  are  embedded 
inside  PowerPoint  and  Word  doc¬ 
uments,  and  even  an  Excel 
spreadsheet,”  Churly  says. 

“They’ve  been  quite  industri¬ 
ous,  and  ingenious  in  some 
cases,  on  the  ways  of  actually  get¬ 
ting  images  in  through  company 
gateway  blocking.  Once  images 
are  introduced  behind  the  gate¬ 
way,  then  they  can  be  proliferated 
with  impunity’ he  adds. 

Kevin  Cheek,  vice  president  of 
marketing  at  Reconnex,  has  seen 
similar  efforts  to  circumvent  URL- 
blocking  technologies.  One  user 
in  a  large  healthcare  company 
went  so  far  as  to  install  a  Citrix 
server  to  bypass  his  company’s 
Web  proxy  Cheek  says.  Reconnex 
was  assessing  the  company’s 
compliance  with  healthcare  pri¬ 
vacy  regulations  when  its  tech¬ 
nology  exposed  the  rogue  server, 
which  the  employee  was  using  to 
download  inappropriate  content, 
among  other  things. 

Not  only  do  such  practices 
invite  security  threats,  they  also 
expose  companies  to  potential 
sexual  harassment  lawsuits, 
negative  publicity  and  even 
criminal  violations  if  a  compa¬ 
ny  is  found  to  have  been  negli¬ 
gent  in  preventing  employees 
from  downloading  or  distribut¬ 
ing  illegal  material. “Corporate 
officers  can  be  held  vicariously 


liable  if  negligence  is  proven,” 
Churly  says. 

Overt  use  of  monitoring  tech¬ 
nology  is  one  way  for  companies 
to  deter  improper  surfing  and 
downloading  habits.  If  users  can 
see  that  an  image  has  been 
flagged  as  inappropriate,  many 
will  cease  the  behavior,  Churly 
says.“That  prevents  most  people 
from  transgressing.  Only  those 
who  have  become  habituated  to 
surfing  for  porn  will  continue  to 
try  to  beat  the  system.” 

Some  employees  caught  red- 
handed  simply  continue  the 
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abuse.  Reporting  features  built 
into  Webroot’s  software  can 
quickly  identify  the  most  spy¬ 
ware-prone  users,  and  many  are 
repeat  offenders,  Stiennon  says. 
“Those  guys  jump  right  to  the 
top. They  get  reinfected  every 
dayf  he  says. 

It’s  about  compulsion, some  say 
“Certainly  there’s  a  growing  body 
of  evidence  saying  that  [Internet 
pornography]  is  addictive  in 
nature,”  Churly  says. “Some 
employees  can  spend  several 
hours  a  day  just  surfing  for  illicit 
material.”  ■ 
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A  person  browsing  pornographic  Web 
sites  from  an  unprotected  machine 
could  pick  up  50  or  60  pieces  of  spy- 
ware  in  just  30  minutes. 

David  Perry,  global  education  director,  Trend  Micro 


■  Network  World,  118  Turnpike  Road, 


YOUR  JOB  IS  TO  KEEP  SYSTEMS  AND  APPLICATIONS  RUNNING. 
OUR  MISSION  IS  TO  KEEP  PEOPLE  AND  INFORMATION  CONNECTED. 

LET’S  WORK  TOGETHER. 


Continuous  access  to  information  no  matter  what.  That’s  Information 
Availability.  It’s  what  your  employees,  suppliers  and  customers  demand  every 
minute  of  every  day.  But  to  deliver  it  flawlessly,  you  need  a  massive  global 
infrastructure,  redundant  systems  and  diverse  networks  being  monitored  and 
supported  by  skilled  technical  experts  at  secure  facilities.  That’s  exactly  what 
SunGard  provides. 

As  a  result,  we  can  offer  you  a  higher  level  of  availability  and  save  your 
company,  on  average,  25%*  versus  building  the  infrastructure  yourself.  Plus, 
it’s  a  vendor  neutral  solution  that  lets  you  control  your  data,  applications  and 
network  while  giving  you  the  flexibility  to  adjust  to  the  changing  needs  of  your 
business.  But  best  of  all,  it  lets  you  spend  more  time  solving  business  problems 
and  less  time  solving  technical  problems. 


For  years,  companies  around  the  worid  have  turned  to  SunGard  to  restore  their 
systems  when  something  went  wrong.  So,  it's  not  surprising  that  they’re  now 
turning  to  us  to  mitigate  risk  and  make  sure  they  never  go  down  in  the  first  place. 

You  want  your  network  and  systems  to  always  be  up  and  running.  We  want  the 
same  thing.  Let's  get  together.  To  learn  more,  visit  www.availability.sungard.com  or 
call  1-800-468-7483. 


SUNGARD 

Availability  Services 


Keeping  People 
and  Information 
Connected ,™ 


•Potential  savings  bases  on  IDC  White  Paper,  Ensuring  Information  Availability:  Aligning  Customer  Heeds  with  an  Optimal  Investment  Strategy. 
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BACKSPIN 


Mark  Gibbs 


Is  Sony’s  CD  DRM  malware? 


o 


ne  of  the  biggest  chal- 
j  lenges  the  computer 
industry  faces  is  get¬ 
ting  Joe  and  Josephine 
Enduser  interested  in  the 
security  reliability  and  manageability  of  their  machines. 

It  seems  no  amount  of  education  will  make  them  under¬ 
stand  that  as  their  lives  become  more  defined  by  the  use 
of  PCs  and  the  Internet,  protecting  their  computers  isn’t 
just  a  cool,  geeky  idea.  It  is  up  there  with  filling  out  tax 
returns:  Tedious  and  boring,  but  fail  to  deal  with  the  issue 
properly  and  really  bad  things  are  guaranteed  to  happen. 

Along  with  this  Sisyphean  education  effort  is  the  prob¬ 
lem  of  legislation.  We’ve  got  laws  that  deal  with  spamming 
(as  toothless  as  they  are),  laws  that  can  be  applied  to 
hackers  and  virus  writers  (if  we  can  catch  them)  and  laws 
that  protect  our  personal  data  (don’t  get  me  started). 

The  good  news  is  that  something  happened  recently 
that  may  lead  to  changes  in  consumer  awareness  and 
legislation. 

The  event  was  the  discovery  that  Sony  —  yes,  that’s  right, 
the  huge,  megacorporation  Sony  —  not  only  has  been 
installing  software  on  people’s  PCs  to  enforce  digital  rights 
management  (DRM)  without  telling  them  but  also  has 
installed  software  to  hide  the  fact  that  they  did  so. 

But  wait;  it  gets  better!  The  code  Sony  uses  has  been 
found  to  be  naive  and  poorly  engineered.  It  has  a  high 


possibility  of  crashing  any  PC  it  is  installed  on  and  soaks 
up  processor  cycles  because  of  inefficient  coding. 

As  far  as  I  can  determine,  the  first  person  to  figure  out 
what  was  going  on  was  one  of  my  heroes:  Mark  Russino- 
vich  of  Winternals  Software.  He  was  testing  the  latest  ver¬ 
sion  of  Winternals’  RootkitRevealer,  which  can  find  a  type 
of  malware  called  a  rootkit  that  can  give  an  attacker  full 
control  over  a  PC  and  attempts  to  hide  itself  from  detec¬ 
tion,  and  noticed  that  his  system  apparently  had  a  rootkit 
installed.This  surprised  him  greatly,  because  he  is  really 
careful  when  it  comes  to  avoiding  risks  such  as  malware. 

To  cut  a  long  story  short  (see  www.networkworld.com, 
DocFinder:  9653),  in  the  process  of  trying  to  find  out  what 
was  going  on,  he  dug  deep  using  a  variety  of  tools.Turns 
out  that  he  had  played  a  Sony  BMG  music  CD  that  can  be 
played  only  on  a  computer  using  the  media  player  on  the 
CD  and  which  restricts  the  number  of  times  you  can  burn 
CD  copies. 

After  spending  considerable  time  picking  apart  what 
was  going  on,  Russinovich  described  his  experience  as 
“frustrating  and  irritating.  Not  only  had  Sony  put  software 
on  my  system  that  uses  techniques  commonly  used  by 
malware  to  mask  its  presence,  the  software  is  poorly  writ¬ 
ten  and  provides  no  means  for  uninstall.”  He  points  out 
that  if  users  attempt  the  obvious  solution  of  deleting  the 
malware  they  could  find  that  their  CD  drive  is  disabled. 

What  is  particularly  interesting  is  that  the  end  user 


license  agreement  (DocFinder:  9654)  that  comes  with  the 
software  does  say  “this  CD  will  automatically  install  a 
small  proprietary  software  program  . . .  onto  your  comput- 
er,”  but  the  description  of  the  software’s  purpose  — “The 
software  is  intended  to  protect  the  audio  files  embodied 
on  the  CD,  and  it  may  also  facilitate  your  use  of  the  digital 
content” —  is,  at  best,  misleading. 

Worse  still,  the  end  user  license  agreement’s  claim  that, 
“Once  installed,  the  software  will  reside  on  your  computer 
until  removed  or  deleted,”  is  disingenuous,  given  the  rootkit 
software  makes  uninstalling  as  difficult  as  possible. 

Sony  has  gone  beyond  the  bounds  of  reasonable  behav¬ 
ior  with  this  DRM  system  and  deserves  to  be  ridiculed, 
prosecuted  and  pilloried  for  such  arrogant  foolishness. 

There  is  a  good  side  to  this  idiocy:  The  visibility  of  Sony 
and  the  completely  negative  press  following  the  publiciz¬ 
ing  of  Russinovich’s  findings  will,  I  hope,  help  consumers 
understand  that  malware  and  devious,  naive  and  self-serv¬ 
ing  business  practices  that  compromise  the  integrity  of 
their  PCs  cannot  be  ignored. 

I’d  like  to  see  Sony  face  a  massive  consumer  backlash 
along  with  a  hefty  fine  and  a  class-action  lawsuit. Write  to 
your  representatives  today  and  make  sure  they  know  that 
we  need  to  stop  unprincipled  corporations  from  compro¬ 
mising  our  PCs  for  the  sake  of  their  profits. 

Express  your  outrage  to  backspin@gibbs.com. 


ETBUZZ  News,  insights,  opinions  and  oddities 


Paul  McNamara 


It's  not  about  speech 

Know  this  much  about  the  so-called  Online  Freedom 
of  Speech  Act,  which  almost  snuck  through  the  U.S. 
House  of  Representatives  last  week:  It  has  virtually 
nothing  to  do  with  freedom  of  speech. 

As  is  almost  always  the  case  in  politics,  this  dust-up 
is  really  about  money  —  in  this  instance,  campaign  contributions.  What  you  have  is  a 
backdoor  attempt  to  exempt  the  Internet  from  a  3-year-old  campaign  finance  reform 
law  that  was  designed  to  limit  the  ability  of  special  interests  —  be  they  liberal,  con¬ 
servative  or  agnostic  —  to  influence  federal  elections  through  unfettered  political 
contributions. 

Right  now  the  law  that  covers  print  and  broadcast  political  advertising  also  covers 
Internet-based  ads,  as  it  most  assuredly  should.  Online  political  advertising  is  but  a 
drop  in  the  bucket  today  relative  to  the  other  varieties,  but  no  one  who  follows  poli¬ 
tics  or  the  Internet  believes  that  such  will  be  the  case  for  much  longer.That’s  why 
the  Online  Freedom  of  Speech  Act  threatens  to  create  more  than  a  mere  loophole  in 
campaign  finance  law. 

“It  reopens  the  floodgates  of  corrupting  soft  money,"  said  Rep.  Martin  Meehan  (D- 
Mass.)  a  co-author  of  the  2002  Bipartisan  Campaign  Reform  Act.  “This  is  no  minor 
affair. This  is  a  major  unraveling  of  the  law." 

And  know  this,  as  welkThe  faux  First  Amendment  protectors  will  be  back,  and, 
absent  a  public  outcry,  they  may  well  have  the  muscle  to  succeed  next  time  around. 
Last  week’s  action  saw  supporters  of  the  Online  Freedom  of  Speech  Act  garnering 
a  225-to-182  vote  majority,  which  failed  to  carry  the  day  only  because  the  measure 
required  a  two-thirds’  majority  because  its  sponsors  bypassed  normal  legislative 
channels  to  seek  an  expedited  decision. 

Expedited,  as  in  let’s  dispense  with  all  the  usual  debate  and  public  scrutiny.The 
irony  of  limiting  debate  on  a  "free  speech"  bill  was  not  lost  on  opponents  of  the 
measure. 

Nor  was  the  rhetoric  of  the  bill's  supporters  subtle. 

“Without  this  legislation,  I  fear  that  the  cold,  calloused  and  clumsy  hand  of 


bureaucrats  may  stifle  political  speech  in  cyberspace,”  warned  the  bill’s  lead  spon¬ 
sor,  Rep.  Jeb  Hensarling  (R-Texas). 

Why  a  paper- pushing  bureaucrat’s  hands  would  be  calloused  is  beyond  me,  but 
that’s  beside  the  point.  What  Hensarling  and  like-minded  lawmakers  would  have  the 
public  believe  is  that  this  legislation  is  all  about  protecting  bloggers  and  other  “lone 
pamphleteers”  who  have  made  the  Internet  an  increasingly  potent  force  in  electoral 
politics. 

That  such  concerns  are  largely  a  pretext  for  opening  an  online  loophole  in  cam¬ 
paign  finance  law  does  not  mean  they  are  entirely  without  merit,  of  course. 
Bureaucrats  —  be  their  hands  calloused  or  finely  manicured  —  have  been  and  will 
always  be  perfectly  capable  of  doing  dumb  things  in  the  name  of  noble  principles. 

As  we  speak,  the  Federal  Elections  Commission  is  drafting  rules  that  will  govern 
political  ads  and  speech  on  the  Internet.  It's  perfectly  reasonable  to  be  concerned 
that  the  details  will  be  littered  with  little  devils.  Should  that  happen,  we  can  all  break 
out  our  whuppin'  sticks  and  set  to  work  on  correcting  matters. 

In  the  meantime,  there  is  simply  no  need  to  sacrifice  reasonable  campaign  finance 
reforms  over  the  prospect  of  run-amok  regulations  that  haven’t  even  been  written. 

Moreover,  opponents  of  the  bill  were  more  than  willing  to  address  these  legitimate 
concerns.They  tried  to  file  an  amendment  that  would  have  explicitly  protected  blog¬ 
gers  from  being  defanged  while  continuing  to  allow  the  government  to  regulate 
Internet  advertising  to  the  same  degree  as  print  and  broadcast  advertising. The 
amendment  did  not  receive  an  airing. 

There  are  those  who  argue  that  money  and  speech  are  indistinguishable  in  the 
context  of  political  action:  Limiting  the  former  is  by  definition  limiting  the  latter, 
these  folks  argue,  whether  we’re  talking  about  the  Internet  or  traditional  media. 

It’s  a  point  of  view,  albeit  a  minority  one  that  has  failed  in  the  federal  legislative 
arena  and  the  court  of  public  opinion.  Most  Americans  clearly  prefer  that  the  gov¬ 
ernment  play  a  role  in  limiting  the  influence  of  money  on  electoral  politics. 

And  there’s  no  reason  to  believe  they  want  to  make  an  exception  for  the  Internet. 

Feel  free  to  exercise  your  freedom  of  speech.  The  address  is  buzz@nww.com. 
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A  SINGLE  BUSINESS  NOTEBOOK  SERIES 
EQUIPPED  FOR  EXCEPTIONAL  PERFORMANCE, 
PRODUCTIVITY,  AND  FLEXIBILITY. 


Give  me  mobility. 

I  want  flexibility. 


I  demand  security. 


can’t  live  without  connectivity. 


Thin  and  light  form  factors 
Long  battery  life1 
14"  with  modular  bay 
15.4"  with  modular  bay 
17"  with  modular  bay 
Biometric  fingerprint  sensor 
Trusted  Platform  Module 
Bluetooth®  Technology2 
Optional  integrated  wireless  WAN3 
Optional  integrated  camera 


The  Sony®  VAIO®  Professional  BX 
Series  Notebook,  featuring  Intel® 
Centrino'"  Mobile  Technology  for 
exceptional  performance  and 
productivity.  Now  every  department, 
group,  and  individual  in  your 
organization  has  the  power  to 
handle  the  toughest  applications 
with  machines  that  offer  extended 
battery  life  and  sleek,  lightweight 
designs.  No  other  notebook  boasts 
as  many  features. 


Call  866-303=7669 
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